**Position is primarily remote, with periodic onsite work required based on operational needs. Must be located within a reasonable commuting distance of Richmond, Virginia.** The Applications Analyst-Associate manages or performs work associated with analysis, design, implementation, operation, deployment, and support of the organization’s information technology resources. Essential Job Statements - Provides solutions to a variety of basic technical problems requiring analysis of multiple factors. - Responsible for analyzing, implementing, modifying, and installing low-complex system build in different operational environments. - Learns operational and technical workflows. Creates technical specifications, testing plans, and other documentation as defined. - Collecting technical specifications, testing plans, and other documentation as defined. - Assists with testing and supporting system upgrades and improvements. - Understands and performs basic impact analysis functions and remediation. - Performs troubleshooting efforts on application issues, submits service requests to vendors, and follows basic correction steps. - Adheres to system standards and best practices. - Ensures responsibility and visible commitment to diversity, equity, and inclusion programs/initiatives through collaboration and implementation of initiatives across the health system. - Performs other duties as assigned and/or participates in special projects to support the mission of VCUHS. Accepts alternate assignments, as required to fulfill business needs. Patient Population Not applicable to this position. Employment Qualifications Required Education: Associate degree in related field or equivalent combination of related education and experience Combination of education and experience may be considered in lieu of a degree. Preferred Education: Bachelor’s degree in a clinically related field; health informatics or computer science or equivalent Licensure/Certification Required: N/A Licensure/Certification Preferred: Must be certified in Epic module(s) appropriate to area of responsibility as determined by leadership if applicable. Each project and exam as determined for the specific roles must be passed within three (3) attempts. Successful Epic certification(s) completion required within 90 days of final training. Maintain required Epic certification for appropriate role. Minimum Qualifications Years and Type of Required Experience 2 years of related experience in electronic health record suite or health care experience. Other Knowledge, Skills and Abilities Required: - Basic knowledge of system development life cycle application development experience. - Basic knowledge and utilization of application technical standards, principles, theories, concepts, and techniques. - Basic knowledge of application build, change management, testing, and application development procedures. - Flexibility/ adaptability in collaboration, problem solving, and organizational skills. - Project planning, change management, and time management skills. Cultural Responsiveness Demonstrate a commitment to diversity, equity, and inclusion through continuous development, modeling inclusive behaviors, and proactively managing bias. Other Knowledge, Skills and Abilities Preferred: - Previous experience in the training, build, and/or support of our electronic health record suite - Ability to take simple assignments and successfully complete in timely fashion. - Works as change advocate for the organization, showing flexibility as priorities change. - Keeps the patient at the center of focus for all tasks. Working Conditions Periods of high stress and fluctuating workloads may occur. General office environment. May have periods of constant interruptions. Prolonged periods of working alone. Provides on call support as needed. Physical Requirements Physical Demands: Lifting/ Carrying (0-50 lbs.) Work Position: Sitting, Walking, Standing Additional Physical Requirements/ Hazards Physical Requirements: Perform Shift Work, Repetitive arm/hand movements Hazards: Mental/Sensory – Emotional   Mental / Sensory: Reasoning, Problem Solving, Hearing, Speak Clearly, Write Legibly, Reading, Logical Thinking Emotional: Steady Pace, Able to Handle Multiple Priorities, Able to Adapt to Frequent Change EEO Employer/Disabled/Protected Veteran/41 CFR 60-1.4.

• Monitor, triage, and analyze security alerts and events • Lead and support incident response activities • Configure, manage, and optimize security tools • Collaborate with cross-functional teams to design and implement security controls • Identify, assess, and remediate security vulnerabilities • Maintain awareness of emerging cybersecurity threats • Develop and maintain documentation including incident reports and response playbooks • Support security engineering initiatives • Deliver security awareness guidance and training to employees • Participate in on-call rotations and ensure timely response to security incidents

• Monitor network traffic for security incidents and anomalies. • Conduct vulnerability assessments and penetration testing. • Investigate security breaches and other cybersecurity incidents. • Develop and implement security policies and procedures. • Collaborate with IT and other departments to enhance security measures. • Stay updated with the latest cybersecurity trends and threats. • Accountable for SOC-2 and HIPAA compliance through Vanta • Prepare reports and documentation on security incidents and findings. • Provide training and support to staff on cybersecurity best practices.

Role Summary: The Security Analyst supports the organization’s security, identity, and IT operations by monitoring systems, responding to security events, managing access controls, and assisting with day-to-day security and IT initiatives. This role works closely with the Manager of Information Security, Compliance & IT to strengthen the company’s security posture, support compliance requirements, and ensure reliable and secure IT operations as the organization scales. This position is ideal for a technically curious, hands-on analyst who wants exposure to cloud security, SaaS environments, compliance frameworks, and real-world security operations. Key Responsibilities: Security Operations (SecOps) - Monitor security alerts and logs from security tools (SIEM, EDR, cloud security platforms) - Triage, investigate, and escalate security events and incidents - Assist with incident response activities, evidence collection, and post-incident reviews - Support vulnerability management activities, including scan reviews and remediation tracking - Help maintain detection rules, alerts, and operational runbooks Identity & Access Management (IAM) - Manage user lifecycle processes (onboarding, offboarding, role changes) - Administer identity platforms (e.g., Google Workspace, cloud IAM, SSO providers) - Enforce least-privilege access and role-based access controls - Review and certify user access on a recurring basis - Assist with MFA enforcement and access exception tracking IT & Endpoint Operations - Support endpoint management activities (macOS, Windows, mobile devices) - Assist with endpoint security tooling (EDR, MDM, disk encryption, patching) - Help troubleshoot user access, authentication, and device-related issues - Maintain asset inventories and assist with IT documentation Compliance & Governance Support - Assist with compliance evidence collection (SOC 2, ISO 27001, PCI DSS, etc.) - Support audit preparation and remediation activities - Help maintain security documentation, procedures, and internal standards - Participate in tabletop exercises and security drills Continuous Improvement - Identify opportunities to automate security and IT workflows - Contribute to improving security monitoring, IAM processes, and operational efficiency - Stay current on security threats, best practices, and tooling Required Qualifications: Technical Skills - 2–4 years of experience in information security, IT operations, or a related role - Hands-on experience with IAM concepts (SSO, MFA, RBAC, least privilege) - Familiarity with security operations concepts (SIEM, EDR, alert triage) - Basic understanding of cloud platforms (GCP, AWS, or Azure) - Experience supporting macOS and/or Windows endpoints Security Knowledge - Understanding of common security frameworks and standards (SOC 2, ISO 27001, NIST, PCI) - Familiarity with incident response and vulnerability management concepts - Awareness of common attack techniques and security controls Soft Skills - Strong analytical and problem-solving skills - Clear written and verbal communication - Ability to prioritize tasks and manage multiple workstreams - Comfortable working in a fast-paced, evolving environment - Curious mindset with a desire to learn and grow in security Nice-to-Have Qualifications - Experience with Google Workspace administration - Exposure to SIEM tools (e.g., Chronicle, Splunk, QRadar) - Experience with endpoint management tools (Intune, Jamf, or similar) - Scripting or automation experience (Bash, Python) - Security certifications (Security+, SSCP, Google/AWS certifications) Why This Role Matters: - Directly supports the organization’s security posture and compliance commitments - Provides hands-on exposure to real security operations and cloud environments - Offers mentorship and growth under experienced security leadership - Opportunity to grow into senior security, cloud security, or GRC roles Location United States (Remote) Department Information Security Employment Type Full-Time Minimum Experience Mid-level Compensation USD $70k-$80k