Senior Security Engineer

The Senior Security Engineer serves as a critical guardian of CHA’s digital landscape. This role combines high-level technical expertise in Palo Alto Next-Generation Firewalls (NGFW), guiding a three-person security engineering team to ensure the confidentiality, integrity, and availability of patient data across our hybrid-cloud healthcare environment.

• Team Leadership: mentor a specialized three-person security engineering team; provide technical guidance, and foster a culture of proactive threat hunting.
• Security Roadmap: Partner with IT leadership to design and execute a security strategy that aligns with CHA’s clinical mission and protects high-priority systems.
• Palo Alto Infrastructure Management: Act as the primary architect for the Palo Alto security stack, including GlobalProtect VPN for remote access, Panorama, WildFire, and advanced Threat Prevention.
• Network Micro-segmentation: Design and maintain strict security boundaries for on-premises systems, specifically ensuring the isolation and security of critical clinical tools.
• Vulnerability Management: Oversee enterprise-wide scanning and remediation efforts using Rapid 7 to protect CHA’s diverse endpoint and server environment.

CHA operates a complex hybrid environment. The candidate must demonstrate advanced proficiency in securing:

• Public Cloud & SaaS Interfaces: Manage and audit security for cloud-hosted applications and Daily Productivity tools.
• Google Workspace Security: Expert-level management of security protocols within Google Workspace (Gmail, Drive, Meet) and Virtru email encryption to prevent data exfiltration.
• Vendor Connectivity (SFTP/VPN): Secure and monitor high-volume data transmissions via SFTP and specialized vendor tunnels for partners.
• Identity & Access Management: Oversee secure authentication to ensure only authorized personnel access clinical systems.

Qualifications:

• Education: Bachelor’s degree in Computer Science, Cyber Security, or a related field.
• Certifications: CISSP is preferred. PCNSE (Palo Alto Networks Certified Network Security Engineer) preferred.
• Technical Stack Experience: 7-10 years of experience with Palo Alto Firewalls and Global Protect.
• Proven experience managing security for Google Cloud Platform (GCP) and Microsoft Azure/Office 365.
• Proficiency in securing complex healthcare interfaces.