IT Security Systems Senior Engineer

Job Title & Specialty Area: IT Security Systems Senior Engineer

Department: IT Security

Location: Carrollton, TX

Shift: 8:00 am to 5:00 pm

Job Type: Remote

Why Children's Health?

At Children's Health, our mission is to Make Life Better for Children, and we recognize that their health plays a crucial role in achieving this goal.

Through our cutting-edge treatments and affiliation with UT Southwestern, we strive to deliver an extraordinary patient and family experience, ensuring that every moment, big or small, contributes to their overall well-being.

Our dedication to promoting children's health extends beyond our organization and encompasses the broader community. Together, we can make a significant difference in the lives of children and contribute to a brighter and healthier future for all.

Summary:
The Senior Security Systems Engineer is responsible for architecting, implementing, and operating enterprise security engineering solutions focused on Identity & Access Management (IAM), data privacy, data security, AI, automated workflow creation and management and infosec data analytics reporting for a large hospital system. This role engineers security controls across Microsoft 365 and Microsoft Azure, enabling secure clinical and corporate workflows while maintaining compliance with HIPAA and internal governance standards.

This position requires deep hands-on experience with identity security, data protection, and automation‑driven operations, including advanced Python scripting to maintain pre-existing solutions and expand AI capabilities internally to reduce security risk, improve security posture management from an observability and monitoring perspective, and support audit readiness in a regulated healthcare environment.

Responsibilities:

Identity & Access Management (Primary Focus)

• Design, implement, and operate enterprise IAM controls including:
  • Microsoft Entra ID (Azure AD) authentication, authorization, and federation
  • Conditional Access (risk-based access, device trust, MFA, session controls)
  • Privileged Identity Management (PIM) and just‑in‑time administrative access
  • Identity lifecycle processes (joiner/mover/leaver) and access hygiene
• Engineer least‑privilege role models for clinical, research, and administrative users.
• Integrate IAM with clinical systems, analytics platforms, and SaaS applications using SSO and modern auth standards (SAML, OAuth2, OIDC).
• Develop and maintain detections and operational responses for identity compromise, abnormal access, and privilege escalation.

Data Privacy & Security Engineering

• Implement Microsoft-native data protection controls for PHI/ePHI:
  • Sensitivity labels, encryption, and rights management
  • Data Loss Prevention (DLP) across Exchange, Teams, SharePoint, OneDrive, endpoints, and sanctioned SaaS
• Enforce secure sharing controls and domain restrictions aligned with hospital policy.
• Translate HIPAA privacy requirements into enforceable technical solutions.
• Provide architectural guidance for secure analytics and collaboration environments handling sensitive healthcare data.

Microsoft 365 Security Administration

• Administer and engineer security features across M365 workloads:
  • Exchange Online (anti-phishing, impersonation protection, secure mail routing)
  • Teams, SharePoint, and OneDrive sharing and access controls
  • Microsoft Defender and Microsoft Purview security features
• Support investigations, legal holds, and security incidents in coordination with Privacy, Legal, and SecOps teams.
• Tune policies to balance clinician usability with security and compliance.

Azure Security & Identity Engineering

• Secure Azure identity and platform services:
  • Entra ID hardening, tenant security posture improvements
  • RBAC, managed identities, service principals, Key Vault
• Integrate logging and telemetry with centralized monitoring/SIEM platforms.
• Participate in design reviews, threat modeling, and security sign‑off for new cloud initiatives.

Python Scripting & Security Automation

• The Senior Security Systems Engineer is expected to actively design and maintain Python-based automation to support IAM, privacy, and security operations.
• Ensure scripts follow secure coding practices, logging standards, and production change controls.

Governance, Risk & Compliance Support

• Provide engineering input, evidence, and architecture documentation for HIPAA Security Rule compliance.
• Support risk assessments, tabletop exercises, and control testing activities.
• Collaborate with GRC teams to map technical controls to regulatory requirements and internal policies.

How You’ll Be Successful:

WORK EXPERIENCE

• At least 5 years experience in information security, with a focus on security systems engineering required
• Strong knowledge of security technologies, including firewalls, IDS/IPS, and encryption required

• Four-year Bachelor's degree or equivalent experience Computer Science, Information Security or a related field required

A Place Where You Belong

We put our people first. We welcome, value, and respect the beliefs, identities and experiences of our patients and colleagues. We are committed to delivering culturally effective care, creating meaningful partnerships in the communities we serve, and equipping and developing our team members to make Children’s Health a place where everyone can contribute.

Holistic Benefits – How We’ll Care for You:

· Employee portion of medical plan premiums are covered after 3 years.

· 4%-10% employee savings plan match based on tenure

· Paid Parental Leave (up to 12 weeks)

· Caregiver Leave

· Adoption and surrogacy reimbursement

As an equal opportunity employer, Children's Health does not discriminate against employees or applicants because of race, color, religion, sex, gender identity and expression, sexual orientation, age, national origin, veteran or military status, disability, or genetic information or any other Federal or State legally-protected status or class. This applies to all aspects of the employer-employee relationship including but not limited to recruitment, hiring, promotion, transfer pay, training, discipline, workforce adjustments, termination, employee benefits, and any other employment-related activity.