SENIOR SECURITY ENGINEER

SUMMARY OF POSITION:The Senior Security Engineer is responsible for designing, implementing, and governing NEMS enterprise security architecture across all clinic sites, data center environments, and cloud infrastructure. Operating within a hybrid multi-site environment spanning multiple hosting locations with defined security SLAs aligned to HIPAA and NIST standards, this role serves as a hands-on technical leader who collaborates with external security vendors, cloud providers, and internal infrastructure teams to architect and enforce a cohesive, Zero-Trust security environment. The Senior Security Engineer plays a critical role in IAM governance, endpoint protection, lifecycle management, security policy development and enforcement, SOC coordination, and continuous compliance monitoring across endpoints and data centers.ESSENTIAL JOB FUNCTIONS:Designs and maintains enterprise security architecture aligned to Zero-Trust principles, NIST Cybersecurity Framework, and organizational risk tolerance across all environments.Defines security baselines and governance frameworks for identity management, endpoint protection, network controls, encryption, and compliance standards.Designs, implements, and governs cloud identity platforms (Azure AD/Entra ID) and hybrid IAM across on-premises and cloud infrastructure.Establishes and enforces multi-factor authentication (MFA) and privileged access management (PAM) policies across all critical systems.Conducts quarterly IAM audits and access reviews ensuring compliance with least-privilege principles and HIPAA-required access controls.Deploys and configures endpoint management agents across 2,500+ endpoints spanning clinic sites and data centersEstablishes, enforces, and monitors security patching schedules across all operating systems, applications, and firmware.Deploys and manages Endpoint Detection and Response (EDR) solutions across critical systems and user workstations.Configures Zero-Trust Network Access agents and network micro-segmentation policies to enforce zero-trust principles and limit lateral movement.Develops security policies aligned to NIST CSF, NIST 800-53, HIPAA Security Rule, and HITECH requirements; conduct annual policy reviews.Conducts quarterly security risk assessments and vulnerability assessments in coordination with penetration testing vendors.Establishes incident response frameworks, escalation procedures, and post-incident review processes validated through tabletop exercises and drills.Collaborates with external SOC vendors to define alert severity levels, routing procedures, and response time objectives.Participates in incident triage, investigations, and root cause analysis for significant security events.Establishes network security policies including segmentation, firewall architecture, and encrypted communications standards.Coordinates with infrastructure teams to design and validate Zero-Trust architecture implementation across all domains.Maintains centralized compliance documentation and prepares evidence packages for regulatory audits and HIPAA risk assessments.Serves as primary technical liaison between NEMS and external security vendors; defines SLAs and monitor performance.Mentors junior security team members and provides technical guidance on security best practices and policy implementation.Stays current with evolving threat landscape, regulatory requirements, and industry standards; recommends quarterly security enhancements aligned to NEMS roadmap.Performs other job duties as required by the manager/supervisor.QUALIFICATIONS:Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, Information Security, or a related STEM field required.Equivalent combination of 8+ years of directly relevant security engineering and IAM experience may be substituted for degree requirement.Certified Information Systems Security Professional (CISSP) is required.Minimum 5 years of enterprise security engineering experience including architecture design, security policy governance, hands-on technical implementation, and demonstrated security leadership owning outcomes across infrastructure, applications, and networks.Minimum 3 years of hands-on experience in each of the following: designing and implementing identity and access management; designing and implementing endpoint detection and response solutions; developing and maintaining security policies aligned to NIST or ISO 27001 frameworks; and coordinating with external security vendors, SOCs, and managed security service providers.Demonstrated experience conducting security risk assessments, vulnerability management, and threat analysis.Demonstrated experience with incident response coordination, root cause analysis, and post-incident reviews.Demonstrated experience with healthcare compliance frameworks including HIPAA Security Rule and HITECH requirements.Experience in healthcare information technology or Federally Qualified Health Center (FQHC) environments preferred.LANGUAGE:Must be able to read, write, and speak English fluently.Ability to speak and/or understand Chinese (Cantonese or Mandarin) is an asset.STATUS:This is an FLSA exempt position.This is not an OSHA high-risk position. #J-18808-Ljbffr