Job Description

BASIC FUNCTION:

The Senior Cybersecurity Engineer is responsible for safeguarding the client information systems, digital assets, and technology infrastructure. This role designs, deploys, and maintains advanced cybersecurity solutions that protect patient data, clinical systems, and enterprise applications. The Senior Cybersecurity Engineer ensures the client's technology environment remains secure, compliant, and resilient against emerging threats.

This position combines hands-on technical expertise with strategic leadership, driving initiatives that enhance cybersecurity maturity and operational readiness across on-premises, hybrid, and cloud environments (e.g., Azure, AWS). The role is pivotal in incident response, risk management, and ongoing improvement of security controls in alignment with hospital policies and regulatory standards such as HIPAA, NIST 800-53, and ISO/IEC 27001.

Salary: $130-140k

Employment Type: Full-time, direct hire

Location: Onsite 3 days/week, remote 2 days/week in Washington DC

SUPERVISORY ACCOUNTABILITIES:

This role does not have direct supervisory responsibility but may provide technical guidance and mentorship to junior cybersecurity staff, contractors, and project teams. The Senior Cybersecurity Engineer may lead cross-functional implementation teams and coordinate security initiatives with other IT departments.

NATURE AND SCOPE:

Operating in a fast-paced, high-impact healthcare technology environment, the Senior Cybersecurity Engineer reports to the Senior Director of Cybersecurity and collaborates with colleagues across Technology Services, including Infrastructure, Applications, Network Operations, and Compliance.

Internal contacts include hospital administrators, clinical and research staff, faculty, and IT personnel. External contacts include technology vendors, auditors, and regulatory agencies. The role requires strong analytical skills, proactive threat awareness, and the ability to balance operational needs with strategic security objectives in a mission-critical healthcare setting.

PRINCIPAL ACCOUNTABILITIES:

Security Operations & Incident Response

• Monitor, analyze, and respond to security alerts, incidents, and anomalies across hospital systems.
• Conduct vulnerability assessments, penetration tests, and threat-hunting activities to identify and mitigate risks.
• Investigate and document security incidents, performing root cause analyses and recommending remediation measures.
• Utilize SIEM, EDR, and IDS/IPS platforms (e.g., CrowdStrike, Microsoft Sentinel) to enhance continuous monitoring.

Security Engineering & Architecture

• Design, implement, and manage enterprise cybersecurity controls, including firewalls, NAC, DLP, CASB, and endpoint protection systems.
• Support secure configuration management using CIS Benchmarks and STIGs.
• Implement and maintain identity and access management (IAM), multifactor authentication (MFA), and privileged access controls.
• Integrate security practices into DevOps processes and CI/CD pipelines (DevSecOps).
• Support the adoption and enforcement of Zero Trust Architecture principles across hybrid and cloud environments.

Governance, Risk, and Compliance

• Ensure adherence to cybersecurity frameworks and regulatory standards, including HIPAA, NIST 800-53, ISO/IEC 27001, PCI DSS, and GDPR.
• Contribute to the creation and maintenance of security policies, procedures, and documentation.
• Support internal and external audits, risk assessments, and compliance reviews.
• Participate in disaster recovery and business continuity planning activities.

Collaboration, Training, and Awareness

• Collaborate with IT, Compliance, and Clinical Operations to integrate security into all technology operations.
• Provide mentorship and technical guidance to IT staff and cybersecurity personnel.
• Develop and deliver training on secure computing, phishing prevention, and data protection best practices.
• Communicate complex technical concepts clearly to diverse audiences, promoting shared responsibility for security.

CORE COMPETENCIES:

• Strategic Thinking: Align cybersecurity initiatives with hospital priorities and risk management goals.
• Technical Expertise: Deep knowledge of enterprise and cloud security controls, architectures, and technologies.
• Incident Response: Skilled in threat analysis, vulnerability mitigation, and incident management.
• Collaboration: Strong interpersonal and communication skills for cross-departmental teamwork.
• Innovation: Ability to evaluate emerging tools, techniques, and threat intelligence for proactive defense.
• Compliance Knowledge: Familiarity with HIPAA, NIST, ISO 27001, PCI DSS, and related standards.
• Problem Solving: Detail-oriented and methodical approach to resolving complex security challenges.
• Adaptability: Capable of managing multiple priorities and responding quickly to evolving threats.

MINIMUM REQUIREMENTS:

Education:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field required.
• Master’s degree in Business Administration, Cybersecurity, or related discipline preferred.

Experience:

• 7–10 years of progressive experience in information security, with at least 5 years in a security engineering role.
• Proven experience securing hybrid infrastructures, including on-premises systems and cloud environments (Azure, AWS, GCP).
• Hands-on expertise with enterprise tools such as Microsoft Defender Suite, Cisco ISE, CrowdStrike Falcon, and Azure Sentinel.
• Proficiency in scripting languages (e.g., PowerShell, Python) for automation and threat analysis.

Certifications (one or more preferred):

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CCSP (Certified Cloud Security Professional)
• AWS Certified Security – Specialty
• Microsoft Certified: Azure Security Engineer Associate
• SABSA or TOGAF (preferred)

Job Tags

Similar Jobs