Length Of Shift(s) In Hours: 8
Shift Start + End Times: 9-5
Hours/Week: 40.00 
Weekend Requirements: As needed
Holiday Requirements: No
On Call Requirements: Yes

The Senior Security Engineer serves as a critical guardian of CHA’s digital landscape. This role combines high-level technical expertise in Palo Alto Next-Generation Firewalls (NGFW),  guiding a three-person security engineering team to ensure the confidentiality, integrity, and availability of patient data across our hybrid-cloud healthcare environment. 

• Team Leadership:  mentor a specialized three-person security engineering team; provide technical guidance, and foster a culture of proactive threat hunting.

• Security Roadmap: Partner with IT leadership to design and execute a security strategy that aligns with CHA’s clinical mission and protects high-priority systems like Epic, Nihon Kohden, and Meditech.

• Palo Alto Infrastructure Management: Act as the primary architect for the Palo Alto security stack, including GlobalProtect VPN for remote access, Panorama, WildFire, and advanced Threat Prevention.

• Network Micro-segmentation: Design and maintain strict security boundaries for on-premises systems, specifically ensuring the isolation and security of critical clinical tools like 3M Coding, Nihon Kohden vital monitors, and Radiology PACS.

• Vulnerability Management: Oversee enterprise-wide scanning and remediation efforts using Rapid 7 and SentinelOne to protect CHA’s diverse endpoint and server environment.

CHA operates a complex hybrid environment. The candidate must demonstrate advanced proficiency in securing:

• Public Cloud & SaaS Interfaces: Manage and audit security for cloud-hosted applications such as Infor (AWS US-East), Jaggaer, and Daily Productivity tools.

• Google Workspace Security: Expert-level management of security protocols within Google Workspace (Gmail, Drive, Meet) and Virtru email encryption to prevent data exfiltration.

• Vendor Connectivity (SFTP/VPN): Secure and monitor high-volume data transmissions via SFTP (Cerberus) and specialized vendor tunnels for partners like Experian, HealthStream, and LabCorp.
  
  

• Identity & Access Management: Oversee secure authentication via Imprivata, Microsoft ADFS, and Sectigo Certificate Manager to ensure only authorized personnel access clinical systems.

Qualifications: 

• Education: Bachelor’s degree in Computer Science, Cyber Security, or a related field.

• Certifications: CISSP or CISM is required. PCNSE (Palo Alto Networks Certified Network Security Engineer) preferred.

• Technical Stack Experience: 7-10 years of experience with Palo Alto Firewalls and Global Protect.

• Proven experience managing security for Google Cloud Platform (GCP) and Microsoft Azure/Office 365.

• Proficiency in securing complex healthcare interfaces (HL7, TCP/IP, and SFTP).

Please note that the final offer may vary within the listed Pay Range, based on a candidate's experience, skills, qualifications, and internal equity considerations.

In keeping with federal, state and local laws, Cambridge Health Alliance (CHA) policy forbids employees and associates to discriminate against anyone based on race, religion, color, gender, age, marital status, national origin, sexual orientation, gender identity, veteran status, disability or any other characteristic protected by law. We are committed to establishing and maintaining a workplace free of discrimination. We are fully committed to equal employment opportunity. We will not tolerate unlawful discrimination in the recruitment, hiring, termination, promotion, salary treatment or any other condition of employment or career development. Furthermore, we will not tolerate the use of discriminatory slurs, or other remarks, jokes or conduct, that in the judgment of CHA, encourage or permit an offensive or hostile work environment.