SUMMARY OF POSITION:

The Senior Security Engineer is responsible for designing, implementing, and governing NEMS enterprise security architecture across all clinic sites, data center environments, and cloud infrastructure. Operating within a hybrid multi-site environment spanning multiple hosting locations with defined security SLAs aligned to HIPAA and NIST standards, this role serves as a hands-on technical leader who collaborates with external security vendors, cloud providers, and internal infrastructure teams to architect and enforce a cohesive, Zero-Trust security environment. The Senior Security Engineer plays a critical role in IAM governance, endpoint protection, lifecycle management, security policy development and enforcement, SOC coordination, and continuous compliance monitoring across endpoints and data centers. 

ESSENTIAL JOB FUNCTIONS:

• Designs and maintains enterprise security architecture aligned to Zero-Trust principles, NIST Cybersecurity Framework, and organizational risk tolerance across all environments. 

• Defines security baselines and governance frameworks for identity management, endpoint protection, network controls, encryption, and compliance standards. 

• Designs, implements, and governs cloud identity platforms (Azure AD/Entra ID) and hybrid IAM across on-premises and cloud infrastructure. 

• Establishes and enforces multi-factor authentication (MFA) and privileged access management (PAM) policies across all critical systems. 

• Conducts quarterly IAM audits and access reviews ensuring compliance with least-privilege principles and HIPAA-required access controls. 

• Deploys and configures endpoint management agents across 2,500+ endpoints spanning clinic sites and data centers 

• Establishes, enforces, and monitors security patching schedules across all operating systems, applications, and firmware. 

• Deploys and manages Endpoint Detection and Response (EDR) solutions across critical systems and user workstations. 

• Configures Zero-Trust Network Access agents and network micro-segmentation policies to enforce zero-trust principles and limit lateral movement. 

• Develops security policies aligned to NIST CSF, NIST 800-53, HIPAA Security Rule, and HITECH requirements; conduct annual policy reviews. 

• Conducts quarterly security risk assessments and vulnerability assessments in coordination with penetration testing vendors. 

• Establishes incident response frameworks, escalation procedures, and post-incident review processes validated through tabletop exercises and drills. 

• Collaborates with external SOC vendors to define alert severity levels, routing procedures, and response time objectives. 

• Participates in incident triage, investigations, and root cause analysis for significant security events. 

• Establishes network security policies including segmentation, firewall architecture, and encrypted communications standards. 

• Coordinates with infrastructure teams to design and validate Zero-Trust architecture implementation across all domains. 

• Maintains centralized compliance documentation and prepares evidence packages for regulatory audits and HIPAA risk assessments. 

• Serves as primary technical liaison between NEMS and external security vendors; defines SLAs and monitor performance. 

• Mentors junior security team members and provides technical guidance on security best practices and policy implementation. 

• Stays current with evolving threat landscape, regulatory requirements, and industry standards; recommends quarterly security enhancements aligned to NEMS roadmap. 

• Performs other job duties as required by the manager/supervisor. 

Qualifications

QUALIFICATIONS:

• Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, Information Security, or a related STEM field required.  

• Equivalent combination of 8+ years of directly relevant security engineering and IAM experience may be substituted for degree requirement.  

• Certified Information Systems Security Professional (CISSP) is required.   

• Minimum 5 years of enterprise security engineering experience including architecture design, security policy governance, hands-on technical implementation, and demonstrated security leadership owning outcomes across infrastructure, applications, and networks. 

• Minimum 3 years of hands-on experience in each of the following: designing and implementing identity and access management; designing and implementing endpoint detection and response solutions; developing and maintaining security policies aligned to NIST or ISO 27001 frameworks; and coordinating with external security vendors, SOCs, and managed security service providers. 

• Demonstrated experience conducting security risk assessments, vulnerability management, and threat analysis.  

• Demonstrated experience with incident response coordination, root cause analysis, and post-incident reviews.  

• Demonstrated experience with healthcare compliance frameworks including HIPAA Security Rule and HITECH requirements.  

• Experience in healthcare information technology or Federally Qualified Health Center (FQHC) environments preferred.   

LANGUAGE:

• Must be able to read and write English
• Ability to speak and/or understand Chinese (Cantonese or Mandarin) is an asset
• Must be able to read, write, and speak English fluently. 
• Ability to speak and/or understand Chinese (Cantonese or Mandarin) is an asset.

STATUS:

This is an FLSA exempt position.

This is not an OSHA high-risk position.