Job Closed
This listing is no longer active.
IT Security Architect
Location
Arizona + 21 moreAll locations: Arizona | Colorado | Connecticut | Florida | Idaho | Illinois | Kansas | New Jersey | North Carolina | Ohio | Oregon | Maryland | Massachusetts | Michigan | Pennsylvania | South Carolina | Tennessee | Texas | Utah | Virginia | Washington | Wisconsin
Posted
115 days ago
Salary
$104.2K - $143.9K / year
Seniority
Senior
Job Description
IT Security Architect
Vail Health
• Owns the enterprise security architecture and multi-year roadmap, defining target state designs, security standards, and investment priorities; acts as a trusted advisor to executive leadership and drives cross functional delivery across IT, cloud, and product teams. • Establishes and governs enterprise identity, access, and data protection strategy, including SSO/MFA, federation (SAML, OIDC, OAuth), RBAC/ABAC, IGA lifecycle automation, privileged access management (PAM), and secrets and certificate management—enforcing least privilege and zero standing access at scale. • Defines and executes cloud security strategy across Azure and AWS by designing secure landing zones and zero trust guardrails; implements and operationalizes CSPM, CWPP, and CIEM capabilities to continuously reduce cloud risk and misconfiguration exposure. • Leads network and Zero Trust architecture modernization, including micro segmentation, NAC, next generation firewalls, secure remote access, and policy enforcement; delivers measurable isolation of critical systems and reduction of lateral movement risk. • Elevates security operations architecture and detection strategy, shaping SIEM and XDR correlation across endpoint, identity, email, cloud, and network telemetry; optimizes signal to noise, detection fidelity, and mean time to detect and respond (MTTD/MTTR). • Owns incident response architecture and organizational readiness, developing playbooks for containment, eradication, and recovery; ensures forensic readiness; leads post incident executive reviews and drives durable control improvements aligned to root cause analysis. • Scales security automation and orchestration through SOAR and API driven integrations, automating high impact detections, incident response workflows, access reviews, and vulnerability and patch pipelines; maintains policy as code and audit ready evidence collection. • Hardens enterprise email and social engineering defenses, enforcing DMARC, DKIM, and SPF, advanced BEC protections, and SEG/SASE integrations; analyzing attack trends to inform preventative controls and security awareness initiatives. • Owns enterprise vulnerability and patch governance, implementing risk based prioritization, remediation SLAs, executive dashboards, and validation of fixes; partners with Infrastructure and Cloud teams to continuously improve hardening baselines and exposure metrics. • Embed governance, risk, and compliance requirements into security architecture, aligning designs to HIPAA, HITECH, HITRUST, NIST CSF and 800 series controls, CIS Controls, and ISO 27001; delivering defensible metrics and board level reporting. • Applies healthcare specific security patterns for PHI, EMR/EHR platforms, and connected clinical devices, ensuring secure data flows, strong segmentation, and protection of patient care networks where applicable. • Leads security platform and vendor strategy, including evaluation and proof of value, selection, enterprise rollout, and optimization of EDR/XDR, SIEM, IAM/IGA/PAM, and cloud security platforms; demonstrate measurable risk reduction and return on security investment.
Job Requirements
- Five years of experience in Information Technology required (multiple areas preferred).
- Three years of experience in healthcare information security preferred.
- Demonstrated knowledge of Network Hardware Configuration, Network Protocols, Information Security requirements for healthcare, and policy creation required.
- Demonstrated knowledge of EMR products preferred.
- Certified Information Systems Security Professional (CISSP) required.
- Other IT Security Certifications Desired: CISM, CISA, Microsoft, Cisco.
- Bachelor’s degree in computer science or information systems preferred.
Benefits
- Competitive wages
- Parental leave (4 weeks paid)
- Housing programs
- Childcare reimbursement
- Medical
- Dental
- Vision
- Tuition Assistance
- Existing Student Loan Repayment
- Specialty Certification Reimbursement
- Annual Supplemental Educational Funds
- Up to five weeks in your first year of employment and continues to grow each year.
- 403(b) Retirement plan with immediate matching
- Life insurance
- Short and long-term disability
- Up to $1,000 annual wellbeing reimbursement
- Recreation discounts
- Pet insurance
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Security Architect
GuidePoint SecurityFounded in 2011 and headquartered in Herndon, Virginia, GuidePoint Security furnishes commercial and federal organizations with customized information security
• Develop a deep operational understanding of tools, architectures, and processes across the security ecosystem. • Build, maintain, and expand strategic relationships with key vendors and emerging technology partners. • Conduct evaluations of new technologies, products, and solutions to ensure alignment with client needs and industry best practices. • Maintain awareness of vendor certifications, industry advancements, and emerging security capabilities. • Lead and coordinate “vendor days” with key partners for internal team enablement and education. • Compare and contrast competitive solutions to determine the most effective fit for client requirements. • Serve as the design/architecture lead and primary technical interface for clients throughout the engagement lifecycle. • Identify vendors and partners that align to operational requirements, budgets, and client resource constraints. • Lead solution demos with vendor support, ensuring the demos are tailored to client objectives and clearly differentiated. • Produce, socialize, and document both operational and technical requirements. • Provide options and solution pathways that best align with client maturity, business strategy, and budget. • Evaluate client people, processes, and existing technologies to identify optimization opportunities. • Assist clients with the development of RFIs, RFPs, and program requirements. • Collaborate with GPS SMEs to provide specialized insight, assessments, or validation as needed. • Identify overlaps and gaps within client environments and provide clear recommendations for remediation or enhancement. • Perform technical validation and rationalization of proposed solutions to ensure feasibility, effectiveness, and long-term value. • Support compliance-aligned documentation efforts, ensuring architectures and decisions reflect industry and regulatory expectations. • Lead risk-mitigation activities throughout solution evaluation and implementation. • Advocate for client engineers and technical leaders, ensuring their priorities are incorporated and supported. • Support ongoing alignment of technical roadmaps with client strategic objectives and security programs. • Provide optimization strategies to improve solution adoption, operational efficiency, and measurable outcomes. • Coach client teams, ensuring clarity of roles, solution capabilities, and expected results. • Continuously update, refine, and communicate architectural plans to keep pace with evolving technologies and business needs.
• The Sr Information Security Engineer is responsible for designing, implementing, and continuously improving the technical security controls that protect internally developed applications, including cloud systems, containerized, and serverless workloads. • This role is a hands-on application security specialist who performs deep secure code reviews, leads threat modeling, and drives remediation of complex vulnerabilities across the SDLC. • Collaborating with other technical teams, this role ensures secure application development, deployment, and operation by assessing maturity, defining security requirements and guardrails, and delivering prioritized recommendations to improve pipeline controls, tooling, and integrations within the DevSecOps pipeline. • Key responsibilities include conducting application security assessments, guiding secure software development practices, and advancing the maturity of application security capabilities. • The Information Security Engineer partners with development, operations, and security teams to embed security into development practices and responds as a subject matter expert during application-related security incidents.
• Leading the planning, installation and integration of the Guardicore product in diverse infrastructure environments • Working with customers throughout a delivery project life cycle from project management and architecture design to installation, configuration and documentation • Deploying and implementing network segmentation policies using our state of the art segmentation platform • Delivering advanced professional services such as customizations / training / expansions / configurations / optimizations • Working closely with Support and Engineering teams to quickly resolve any client issues and drive customer post-sales satisfaction
• Joining Alan as a Security Software Engineer team means you're at the forefront of protecting sensitive health data and ensuring our systems are resilient against threats. • Tech Foundations enables product crews and creates the environment to thrive—combining world-class infrastructure, intuitive developer experience, exquisite operational excellence, and built-in security to make shipping exceptional products effortless. • Infrastructure enablement for product crews (e.g. hosting improvements, CI/CD, scalability, multi-cloud architecture) • Security and compliance facilitation (e.g. authentication, encryption, threat protection) • Developer productivity enhancements (e.g. local environment setup, monorepo tooling, observability, tech stack evolution) • Design and development unification (e.g. design system, accessibility) • AI-assisted engineering enablement (e.g. agentic development, code assistants, MCP servers)
