Role Description The Senior Security Systems Engineer is responsible for architecting, implementing, and operating enterprise security engineering solutions focused on Identity & Access Management (IAM), data privacy, data security, AI, automated workflow creation and management, and infosec data analytics reporting for a large hospital system. This role engineers security controls across Microsoft 365 and Microsoft Azure, enabling secure clinical and corporate workflows while maintaining compliance with HIPAA and internal governance standards. This position requires deep hands-on experience with identity security, data protection, and automation-driven operations, including advanced Python scripting to maintain pre-existing solutions and expand AI capabilities internally to reduce security risk, improve security posture management from an observability and monitoring perspective, and support audit readiness in a regulated healthcare environment. Responsibilities - Identity & Access Management (Primary Focus) - Design, implement, and operate enterprise IAM controls including: - Microsoft Entra ID (Azure AD) authentication, authorization, and federation - Conditional Access (risk-based access, device trust, MFA, session controls) - Privileged Identity Management (PIM) and just-in-time administrative access - Identity lifecycle processes (joiner/mover/leaver) and access hygiene - Engineer least-privilege role models for clinical, research, and administrative users. - Integrate IAM with clinical systems, analytics platforms, and SaaS applications using SSO and modern auth standards (SAML, OAuth2, OIDC). - Develop and maintain detections and operational responses for identity compromise, abnormal access, and privilege escalation. - Data Privacy & Security Engineering - Implement Microsoft-native data protection controls for PHI/ePHI: - Sensitivity labels, encryption, and rights management - Data Loss Prevention (DLP) across Exchange, Teams, SharePoint, OneDrive, endpoints, and sanctioned SaaS - Enforce secure sharing controls and domain restrictions aligned with hospital policy. - Translate HIPAA privacy requirements into enforceable technical solutions. - Provide architectural guidance for secure analytics and collaboration environments handling sensitive healthcare data. - Microsoft 365 Security Administration - Administer and engineer security features across M365 workloads: - Exchange Online (anti-phishing, impersonation protection, secure mail routing) - Teams, SharePoint, and OneDrive sharing and access controls - Microsoft Defender and Microsoft Purview security features - Support investigations, legal holds, and security incidents in coordination with Privacy, Legal, and SecOps teams. - Tune policies to balance clinician usability with security and compliance. - Azure Security & Identity Engineering - Secure Azure identity and platform services: - Entra ID hardening, tenant security posture improvements - RBAC, managed identities, service principals, Key Vault - Integrate logging and telemetry with centralized monitoring/SIEM platforms. - Participate in design reviews, threat modeling, and security sign-off for new cloud initiatives. - Python Scripting & Security Automation - The Senior Security Systems Engineer is expected to actively design and maintain Python-based automation to support IAM, privacy, and security operations. - Ensure scripts follow secure coding practices, logging standards, and production change controls. - Governance, Risk & Compliance Support - Provide engineering input, evidence, and architecture documentation for HIPAA Security Rule compliance. - Support risk assessments, tabletop exercises, and control testing activities. - Collaborate with GRC teams to map technical controls to regulatory requirements and internal policies. Qualifications - At least 5 years experience in information security, with a focus on security systems engineering required. - Strong knowledge of security technologies, including firewalls, IDS/IPS, and encryption required. Requirements - Four-year Bachelor's degree or equivalent experience in Computer Science, Information Security, or a related field required. Benefits - Employee portion of medical plan premiums are covered after 3 years. - 4%-10% employee savings plan match based on tenure. - Paid Parental Leave (up to 12 weeks). - Caregiver Leave. - Adoption and surrogacy reimbursement.