Senior Security Engineer

SUPERVISORY ACCOUNTABILITIES:

This position has
no direct supervisory responsibility
, but may provide
technical direction and mentorship
to junior cybersecurity staff, contractors, and project team members. The Senior Cybersecurity Engineer may also lead cross-functional implementation teams and coordinate security initiatives with other IT units.

NATURE AND SCOPE:

The Senior Cybersecurity Engineer operates in a dynamic and high-impact healthcare technology environment. The position reports to the
Senior Director of Cybersecurity
and collaborates with colleagues across the Technology Services Division, including Infrastructure, Applications, Network Operations, and Compliance.

Internal contacts include administrators, clinical and research staff, faculty, and IT personnel. External contacts include technology vendors, auditors, and regulatory agencies.

The role requires strong analytical skills, proactive threat awareness, and the ability to balance operational demands with strategic security objectives in a mission-critical healthcare setting.

PRINCIPAL ACCOUNTABILITIES:

• Security Operations & Incident Response
• Monitor, analyze, and respond to security alerts, incidents, and anomalies across systems.
• Conduct vulnerability assessments, penetration testing, and threat-hunting activities to identify and mitigate risks.
• Investigate and document security incidents, performing root cause analysis and recommending remediation actions.
• Utilize SIEM, EDR, and IDS/IPS platforms (e.g., CrowdStrike, Microsoft Sentinel) to strengthen continuous monitoring.
• Security Engineering & Architecture
• Design, implement, and manage enterprise cybersecurity controls, including firewalls, NAC, DLP, CASB, and endpoint protection systems.
• Support secure configuration management using CIS Benchmarks and STIGs.
• Implement and manage identity and access management (IAM), multifactor authentication (MFA), and privilege access controls.
• Integrate cybersecurity practices into DevOps processes and CI/CD pipelines (DevSecOps).
• Support the adoption and enforcement of
  Zero Trust Architecture
  principles across hybrid and cloud environments.
• Governance, Risk, and Compliance
• Ensure compliance with cybersecurity frameworks and regulatory requirements, including
  HIPAA
  ,
  NIST 800-53
  ,
  ISO/IEC 27001
  ,
  PCI DSS
  , and
  GDPR
  .
• Contribute to the development and maintenance of security policies, procedures, and documentation.
• Support internal and external security audits, risk assessments, and compliance reviews.
• Participate in disaster recovery and business continuity planning activities.
• Collaboration, Training, and Awareness
• Work collaboratively with IT, Compliance, and Clinical Operations to embed security throughout technology operations.
• Provide mentorship and technical leadership to IT personnel and cybersecurity staff.
• Develop and deliver user training on secure computing, phishing prevention, and data protection best practices.
• Communicate complex technical concepts to diverse audiences, promoting security awareness and shared accountability.

CORE COMPETENCIES:

• Strategic Thinking:
  Ability to align cybersecurity initiatives with priorities and risk management goals.
• Technical Expertise:
  Deep understanding of enterprise and cloud security controls, architecture, and technologies.
• Incident Response:
  Skilled in analyzing threats, mitigating vulnerabilities, and managing security incidents effectively.
• Collaboration:
  Strong interpersonal and communication skills to work across departments and teams.
• Innovation:
  Demonstrated ability to evaluate emerging tools, techniques, and threat intelligence for proactive defense.
• Compliance Knowledge:
  In-depth familiarity with HIPAA, NIST, ISO 27001, PCI DSS, and related frameworks.
• Problem Solving:
  Methodical, detail-oriented approach to diagnosing and resolving complex security challenges.
• Adaptability:
  Ability to manage competing priorities and respond quickly to evolving security threats.

MINIMUM REQUIREMENTS:

Education:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required.
• Master's degree in Business Administration, Cybersecurity, or related discipline is preferred.

Experience:

• Minimum
  7–10 years
  of progressive experience in information security, with at least
  5 years
  in a security engineering role.
• Demonstrated experience in securing hybrid infrastructures, including on-premises systems and cloud environments (Azure, AWS, GCP).
• Proven expertise with enterprise tools such as Microsoft Defender Suite, Cisco ISE, CrowdStrike Falcon, and Azure Sentinel.
• Proficiency in scripting languages (e.g., PowerShell, Python) for automation and threat analysis.
• Strong background in encryption, PKI, IAM, SSO, VPNs, and secure system design.
• Experience implementing
  Zero Trust Architecture
  and
  DevSecOps
  practices.

Certifications (one or more preferred):

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CCSP (Certified Cloud Security Professional)
• AWS Certified Security – Specialty
• Microsoft Certified: Azure Security Engineer Associate
• SABSA or TOGAF (preferred)

Other Requirements:

• Strong written and verbal communication skills.
• Ability to manage multiple priorities and work effectively in a fast-paced, high-stakes healthcare environment.
• High level of integrity and commitment to protecting sensitive information.