Apply on Employer Site

Boston Medical Center (BMC) · 12 hours ago

Applications Security Analyst (Epic) III / Senior

United States

Full-time

Remote

Mid, Senior Level

$83K/yr - $120K/yr

5+ years exp

Boston Medical Center (BMC) is seeking a Senior Application Security Analyst to lead the execution and improvement of Epic application access in a high-volume hospital environment. The role involves managing access operations, governance, and audit readiness, while also partnering with IAM/IGA automation programs.

Health CareHospitalMedicalNon Profit

H1B Sponsor Likely

Responsibilities

Own and execute work in a high-volume ServiceNow queue, consistently handling hundreds of tickets per week for joiner/mover/leaver access changes, troubleshooting, and triage

Prioritize and route requests using impact, urgency, patient-care considerations, risk, and defined SLAs; escalate complex/high-risk issues appropriately

Troubleshoot access end-to-end (request intent, user attributes, role mapping, provisioning outcomes, in-application authorization) and document decisions/outcomes clearly for auditability

Serve as the senior escalation point for Epic access design/build and complex access issues; ensure access is scalable, supportable, and aligned to policy

Develop and maintain standardized access patterns Attribute Based Access Control (ABAC)/templates, privileged/elevated access controls) aligned to least privilege

Partner with Epic application teams and operational leaders to translate workflows into durable access models and reduce one-off exceptions

Maintain an Epic access catalog (roles/entitlements, risk tiers, prerequisites, approval paths) and keep it current as workflows evolve

Support access reviews/attestations for high-risk roles and privileged access; drive remediation of findings and control gaps

Support investigations related to inappropriate access/privacy concerns and contribute to corrective action plans

Partner with IAM/IGA stakeholders during SailPoint implementation to ensure Epic is “automation-ready” (clean entitlements, requestable roles, approvals, constraints, and edge-case handling)

Help align access with authoritative source systems (HR, operations, credentialing, etc.) by defining needed attributes and lifecycle scenarios (joiner/mover/leaver, LOA, contractors, students)

Support testing/UAT and rollout readiness by validating that automated provisioning yields correct in-application authorization and usable audit trails

Mentor and quality-review work performed by Level II analysts; establish standard work, runbooks, knowledge articles, and queue hygiene practices

Track and improve key operational metrics (turnaround time, rework/defect rate, exception volume, access quality) and drive measurable process improvement

Qualification

Epic certificationEpic security/access experienceAttribute Based Access ControlMicrosoft ExcelIAM/IGA platforms experienceAudit-ready documentationProcess improvementCross-functional collaboration

Required

Associates degree OR equivalent education or experience

Epic certification(s), Security strongly preferred

5+ years of experience in Epic security/access, application access governance, or closely related healthcare IT security operations with substantial Epic access responsibility

Strong Epic import/export, Microsoft Excel skills and experience

Demonstrated expertise in Attribute Based Access Control (ABAC)/least privilege, access standardization, and governing elevated access in a complex clinical/operational environment

Proven ability to thrive in a high-volume ticket environment while maintaining quality, consistency, and audit-ready documentation

Strong cross-functional collaboration skills (Epic teams, operations, HR, IAM/IGA, IT) and clear written communication

Preferred

Bachelor's degree; majors in Computer Science, Information Systems, Cybersecurity, Healthcare Informatics, or related fields are preferred

Additional Epic certifications

Strong Data Governance knowledge and experience

Experience implementing or partnering with IAM/IGA platforms (Okta LCM or SailPoint ISC/IIQ preferred; similar tools acceptable)

Experience with access reviews/attestations, segregation-of-duties concepts, and audit support in healthcare

Microsoft Access database experience

Benefits

Medical

Dental

Vision

Pharmacy

Discretionary annual bonuses

Merit increases

Flexible Spending Accounts

403(b) savings matches

Paid time off

Career advancement opportunities

Resources to support employee and family well-being

Company

Boston Medical Center (BMC)

Glassdoor3.9

Boston Medical Center (BMC) is a 511-bed, equity-led academic medical center and a proud member of the Boston Medical Center Health System.

Founded in 1996

Boston, Massachusetts, USA

5001-10000 employees

http://www.bmc.org/

H1B Sponsorship

Boston Medical Center (BMC) has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (53)

2024 (51)

2023 (51)

2022 (38)

2021 (26)

2020 (32)

Funding

Current Stage

Late Stage

Total Funding

$342.49M

Key Investors

AmeriCorps Public AlliesNational Institute on Drug Abuse (NIDA)The Boston Foundation

2024-07-09Grant· $0.06M

2023-02-23Debt Financing· $232M

2019-04-23Grant· $89M

Leadership Team

David Beck

Senior Vice President & Chief Legal Counsel

Recent News

Boston Herald

Nurses vote to authorize strike at Boston Medical Center Brighton after threats to staffing, benefits

2025-12-24

Boston Globe

Massachusetts’ nursing shortage has improved, hospital group says

2025-11-11

Canada NewsWire

TraceLink Customers Demonstrate Readiness as DSCSA Dispenser Deadline Arrives

2025-11-10

Company data provided by crunchbase