Location: Commerce Place
Category: Information Technology
Department: IT Client Services
Job Type: Full time
Union Name: Non Union
Length Of Shift(s) In Hours: 8
Shift Start + End Times: 9-5
Hours/Week: 40.00
Weekend Requirements: As needed
Holiday Requirements: No
On Call Requirements: Yes
The Senior Security Engineer serves as a critical guardian of CHA's digital landscape. This role combines high-level technical expertise in Palo Alto Next-Generation Firewalls (NGFW), guiding a three-person security engineering team to ensure the confidentiality, integrity, and availability of patient data across our hybrid-cloud healthcare environment.
- Team Leadership: mentor a specialized three-person security engineering team; provide technical guidance, and foster a culture of proactive threat hunting.
- Security Roadmap: Partner with IT leadership to design and execute a security strategy that aligns with CHA's clinical mission and protects high-priority systems like Epic, Nihon Kohden, and Meditech.
- Palo Alto Infrastructure Management: Act as the primary architect for the Palo Alto security stack, including GlobalProtect VPN for remote access, Panorama, WildFire, and advanced Threat Prevention.
- Network Micro-segmentation: Design and maintain strict security boundaries for on-premises systems, specifically ensuring the isolation and security of critical clinical tools like 3M Coding, Nihon Kohden vital monitors, and Radiology PACS.
- Vulnerability Management: Oversee enterprise-wide scanning and remediation efforts using Rapid 7 and SentinelOne to protect CHA's diverse endpoint and server environment.
CHA operates a complex hybrid environment. The candidate must demonstrate advanced proficiency in securing:
- Public Cloud & SaaS Interfaces: Manage and audit security for cloud-hosted applications such as Infor (AWS US-East), Jaggaer, and Daily Productivity tools.
- Google Workspace Security: Expert-level management of security protocols within Google Workspace (Gmail, Drive, Meet) and Virtru email encryption to prevent data exfiltration.
- Vendor Connectivity (SFTP/VPN): Secure and monitor high-volume data transmissions via SFTP (Cerberus) and specialized vendor tunnels for partners like Experian, HealthStream, and LabCorp.
- Identity & Access Management: Oversee secure authentication via Imprivata, Microsoft ADFS, and Sectigo Certificate Manager to ensure only authorized personnel access clinical systems.
Qualifications:
- Education: Bachelor's degree in Computer Science, Cyber Security, or a related field.
- Certifications: CISSP or CISM is required. PCNSE (Palo Alto Networks Certified Network Security Engineer) preferred.
- Technical Stack Experience: 7-10 years of experience with Palo Alto Firewalls and Global Protect.
- Proven experience managing security for Google Cloud Platform (GCP) and Microsoft Azure/Office 365.
- Proficiency in securing complex healthcare interfaces (HL7, TCP/IP, and SFTP).
Please note that the final offer may vary within the listed Pay Range, based on a candidate's experience, skills, qualifications, and internal equity considerations.
