Step into a role where your expertise directly safeguards critical systems and empowers teams to do their best work. As an Epic Applications Security Analyst, you’ll be at the forefront of protecting and strengthening a complex healthcare application environment, ensuring secure, seamless access for users while proactively identifying and mitigating risks. Working across Epic application teams, you’ll tackle real-world security challenges, respond to incidents, and drive continuous improvement in our information security posture. We’re looking for a resourceful problem-solver with a passion for security, a strong technical foundation, and the ability to navigate evolving threats—someone ready to make a meaningful impact in a highly collaborative and mission-driven setting.
Located in Arlington, Virginia, VHC Health is a 548-bed, independent, not-for-profit health system and nationally recognized teaching hospital. We have proudly served the Washington, DC metropolitan community for more than 75 years. Consistently ranked among the top hospitals in Virginia and the region, VHC Health has earned recognition as a 2025 Forbes Best-In-State Employer and a 2025 Newsweek World’s Best Hospital. We also hold the prestigious Magnet® designation for nursing excellence. As a Level II Trauma Center, we are committed to delivering exceptional, patient-centered care when it matters most.
Purpose & Scope:
Member of a team that manages and monitors the safety of information systems assets and protects systems from intentional or inadvertent access or destruction. Has a specific focus on the Epic system. Coordinates security efforts between Epic application teams. Ensures that authorized users are able to successfully log in to Hyperspace with the appropriate security to complete their job in the system. Responds to, analyzes, and resolves Information Security issues, concerns, questions, incidents and events. Identifies and evaluates risks and threats. Makes resourceful, practical decisions and addresses unexpected problems. Conducts evaluations of current information security posture and recommends approaches to strengthen as appropriate.
Education:
Bachelor's degree in computer engineering, computer science, or information systems management or approved equivalent combination of education and experience. Three years of additional related experience may be substituted in lieu of educational requirement.
Experience:
• Minimum three years of experience in the information technology field, preferably concentrated in information security.
• Experience with and knowledge of UNIX operating systems desired and Microsoft operating systems required; risk and threat assessment process and practices; project planning and management; business continuity planning, documentation and evaluation
• Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Webinspect, Accunetix, NTO Spider, Burpsuite Pro)
• Experience with static analysis tools (e.g., IBM Appscan Source, HP Fortify)
• Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
• Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)
• Experience with Epic application security a plus
Certification/Licensure:
None.
Pay & Benefits: Commensurate with experience. Team members are eligible to receive benefits on the first day of the month following the date of hire, with 30 days to apply for benefits of choice.