Cybersecurity Analyst & Specialist at Covenant Health

Cybersecurity Analyst Associate

Full Time, 80 Hours Per Pay Period, Day Shift

Covenant Health Overview

Covenant Health is the region’s top-performing healthcare network with 10 hospitals, outpatient and specialty services, and Covenant Medical Group, our area’s fastest-growing physician practice division. Headquartered in Knoxville, Covenant Health is a community-owned integrated healthcare delivery system and the area’s largest employer. Our more than 11,000 employees, volunteers, and 1,500 affiliated physicians are dedicated to improving the quality of life for the more than two million patients and families we serve every year. Covenant Health is the only healthcare system in East Tennessee to be named a Forbes “Best Employer” seven times.

Position Summary

Under close supervision, the Cybersecurity Analyst Associate is responsible for assisting in the protection of Covenant Health’s information systems and data assets from cyber threats. This role involves monitoring security incidents, supporting the management of cybersecurity tools and platforms, and ensuring compliance with healthcare regulations such as HIPAA and HITECH, while adhering to frameworks such as NIST and HITRUST. The analyst will work closely with IT infrastructure, application teams, and clinical departments to implement security best practices and maintain a secure environment across the enterprise.

• Monitor security alerts and incidents using SIEM and EDR platforms.
• Assist in conducting vulnerability assessments and coordinating remediation efforts with system and network teams.
• Help develop and maintain security policies, procedures, and standards aligned with NIST and CIS frameworks.
• Support investigations of security breaches and coordinate incident response activities.
• Perform regular audits of access controls, user permissions, and privileged accounts.
• Collaborate with infrastructure and application teams to ensure secure system configurations and patch management.
• Support compliance initiatives including HIPAA, HITECH, PCI-DSS, and other regulatory requirements.
• Assist in conducting risk assessments and recommending mitigation strategies for new technologies and projects.
• Provide cybersecurity awareness training and guidance to staff across the organization.
• Participate in interdisciplinary IT projects to ensure security is embedded throughout the system lifecycle.
• Maintain current knowledge of emerging threats, vulnerabilities, and cybersecurity technologies.
• Document and report on security metrics, incidents, and risk posture to IT leadership.
• Assist with the implementation of continuous security monitoring and threat intelligence analysis.
• Support forensic investigations and digital evidence collection.
• Collaborate with legal and compliance teams during audits and regulatory reviews.
• Follows policies, procedures, and safety standards. Completes required education assignments annually. Works toward achieving goals and objectives, and participates in quality improvement initiatives as requested.
• Performs other duties as assigned.

Minimum Education

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent work experience and certifications (e.g. Security+, CvSA+, GSEC) will be considered.

Minimum Experience

Two (3) years of experience in IT, with at least one (1) year focused on cybersecurity in a large, complex environment.

Licensure Requirement

None