• Act as the principal technical authority for vehicle, embedded, and connected cybersecurity across all vehicle programs and platforms. • Define and evolve cybersecurity architectures and technical standards for ECUs, in-vehicle networks, OTA, cloud backends, mobile apps, and V2X ecosystems. • Provide expert guidance on secure-by-design principles and emerging threats affecting automotive and connected systems. • Partner with vehicle, software, and systems engineering teams to integrate cybersecurity requirements throughout the product development lifecycle. • Lead or support threat modeling, risk assessments, and security architecture reviews for vehicle platforms and connected services. • Influence design decisions to balance security, safety, performance, cost, and customer experience. • Support compliance with automotive cybersecurity standards and regulations (e.g., ISO/SAE 21434, UNECE R155/R156, NIST). • Provide technical input for cybersecurity policies, processes, and audit readiness. • Advise leadership on cybersecurity risk posture, residual risks, and mitigation strategies. • Serve as a senior technical advisor during cybersecurity incidents affecting vehicles or connected services. • Guide root cause analysis, remediation strategies, and long-term corrective actions. • Oversee vulnerability disclosure, penetration testing findings, and coordinated response activities. • Represent the company in industry working groups, standards bodies, and technical forums. • Engage with suppliers and technology partners to assess cybersecurity capabilities and risks. • Monitor emerging threats, technologies, and regulatory trends impacting automotive cybersecurity. • Mentor and develop cybersecurity engineers and specialists across the organization. • Elevate overall cybersecurity maturity through knowledge sharing, best practices, and technical reviews.

• Own, design, and continuously improve the security tooling ecosystem that underpins a modern, detection-first Security Operations Center (SOC) • Engineer, deploy, and maintain all core SOC platforms, including Malware analysis and sandboxing solutions, Analyst workstation environments (Windows investigation VMs), Endpoint Detection & Response (EDR/XDR), Email Security Engineering, Vulnerability Scan Engineering • Act as technical owner for SOC platforms, including alignment with architecture requirements, lifecycle management, upgrades, and decommissioning • Ensure SOC platforms are engineered for scale, reliability, performance, and forensic integrity • Own EDR platform engineering, configuration, and operational health across the enterprise • Define and enforce EDR hygiene standards (sensor coverage, policy consistency, versioning, asset attribution) • Monitor EDR health metrics and proactively remediate gaps impacting detection or response efficacy • Develop testing frameworks to validate EDR detections, policies, and response actions • Serve as a technical owner of detection engineering, enabling high-fidelity detections through better tooling, telemetry, and data quality • Engineer and maintain malware detonation and analysis environments that support safe, repeatable analysis • Assess new attacker techniques, malware families, and evasion tactics for detection and prevention opportunities across the enterprise

• Demonstrate sustained effectiveness and high performance within a fast-paced, dynamic environment while resolving complex, time-critical service needs. • Own technician success by delivering accurate diagnostics, correct parts selection, and clearly defined, executable scopes of work supported by complete, relevant documentation. • Drive SLA compliance by analyzing service outliers, executing root cause analysis, and delivering targeted corrective and preventative actions. • Collaborate with STS L1 and L2 leadership to identify and remediate process, coaching, or training deficiencies.

Role Description The Senior Security Systems Engineer is responsible for architecting, implementing, and operating enterprise security engineering solutions focused on Identity & Access Management (IAM), data privacy, data security, AI, automated workflow creation and management, and infosec data analytics reporting for a large hospital system. This role engineers security controls across Microsoft 365 and Microsoft Azure, enabling secure clinical and corporate workflows while maintaining compliance with HIPAA and internal governance standards. This position requires deep hands-on experience with identity security, data protection, and automation-driven operations, including advanced Python scripting to maintain pre-existing solutions and expand AI capabilities internally to reduce security risk, improve security posture management from an observability and monitoring perspective, and support audit readiness in a regulated healthcare environment. Responsibilities - Identity & Access Management (Primary Focus) - Design, implement, and operate enterprise IAM controls including: - Microsoft Entra ID (Azure AD) authentication, authorization, and federation - Conditional Access (risk-based access, device trust, MFA, session controls) - Privileged Identity Management (PIM) and just-in-time administrative access - Identity lifecycle processes (joiner/mover/leaver) and access hygiene - Engineer least-privilege role models for clinical, research, and administrative users. - Integrate IAM with clinical systems, analytics platforms, and SaaS applications using SSO and modern auth standards (SAML, OAuth2, OIDC). - Develop and maintain detections and operational responses for identity compromise, abnormal access, and privilege escalation. - Data Privacy & Security Engineering - Implement Microsoft-native data protection controls for PHI/ePHI: - Sensitivity labels, encryption, and rights management - Data Loss Prevention (DLP) across Exchange, Teams, SharePoint, OneDrive, endpoints, and sanctioned SaaS - Enforce secure sharing controls and domain restrictions aligned with hospital policy. - Translate HIPAA privacy requirements into enforceable technical solutions. - Provide architectural guidance for secure analytics and collaboration environments handling sensitive healthcare data. - Microsoft 365 Security Administration - Administer and engineer security features across M365 workloads: - Exchange Online (anti-phishing, impersonation protection, secure mail routing) - Teams, SharePoint, and OneDrive sharing and access controls - Microsoft Defender and Microsoft Purview security features - Support investigations, legal holds, and security incidents in coordination with Privacy, Legal, and SecOps teams. - Tune policies to balance clinician usability with security and compliance. - Azure Security & Identity Engineering - Secure Azure identity and platform services: - Entra ID hardening, tenant security posture improvements - RBAC, managed identities, service principals, Key Vault - Integrate logging and telemetry with centralized monitoring/SIEM platforms. - Participate in design reviews, threat modeling, and security sign-off for new cloud initiatives. - Python Scripting & Security Automation - The Senior Security Systems Engineer is expected to actively design and maintain Python-based automation to support IAM, privacy, and security operations. - Ensure scripts follow secure coding practices, logging standards, and production change controls. - Governance, Risk & Compliance Support - Provide engineering input, evidence, and architecture documentation for HIPAA Security Rule compliance. - Support risk assessments, tabletop exercises, and control testing activities. - Collaborate with GRC teams to map technical controls to regulatory requirements and internal policies. Qualifications - At least 5 years experience in information security, with a focus on security systems engineering required. - Strong knowledge of security technologies, including firewalls, IDS/IPS, and encryption required. Requirements - Four-year Bachelor's degree or equivalent experience in Computer Science, Information Security, or a related field required. Benefits - Employee portion of medical plan premiums are covered after 3 years. - 4%-10% employee savings plan match based on tenure. - Paid Parental Leave (up to 12 weeks). - Caregiver Leave. - Adoption and surrogacy reimbursement.