Senior Security Engineer

almost 3 years old

This job is no longer active

EyeCare Partners (ECP) is dedicated to being the provider of choice for vision care patients. With a network of more than 550 full-scope medical optometry and ophthalmology practices across 18 states, we are the largest vertically integrated medical vision services provider in the US and continue to grow. Founded in 2015 and headquartered in St. Louis, Missouri, ECP offers patients end-to-end services covering medical optometry, ophthalmology and sub-specialties, and vision correction products. Our service-oriented team provides an integrated network of services to cover the entire lifecycle of a patient's eye care needs, allowing our doctors and their teams to do what they do best – care for our patients. For more information visit eyecare-partners.com.

ECP is backed by Partners Group, one of the largest private markets investment managers in the world.

The Senior Security Engineer is responsible for maintaining the Confidentiality, Integrity, and Availability of the organization’s sensitive data and supporting IT infrastructure and applications. This person supports strategic information technology initiatives across the growing EyeCare Partners enterprise landscape. This role will collaborate with IT engineering and ECP business teams to analyze and mitigate cybersecurity risks in enterprise strategic initiatives, design and lead the implementation of strategic on-premises and cloud security capabilities for the IT organization, and serve as a primary advocate for the implementation of, and adherence to, security principles and best practices for the organization.

Responsibilities:

  • Lead the charge in designing and implementing on premise and cloud security strategies, system and application security controls, and security infrastructure solutions following industry best practices
  • Determine security requirements by evaluating business strategies and requirements; researching information security standards; and conducting system security threat model reviews
  • Partner with other enterprise teams on the creation of artifacts for security functions, including application and network architecture patterns, identity and access management requirements, and medical device system security.
  • Lead strategic design around public/private/hybrid cloud security, including IaaS, PaaS, & SaaS
  • Ensure all acquired or developed systems and applications are consistent with enterprise security guidelines and compliance regulations
  • Identify areas of improvement in the process, capability, and engineering space and work with security product vendors to integrate improvements into our strategic roadmap
  • Assess new and existing IT application and infrastructure implementations, identifying security issues and misconfigurations, and assist in prioritizing fixes/remediation

Requirements:

  • Bachelor’s degree in Cybersecurity, Computer Science, or related field preferred, or equivalent combination of education, training, and work experience
  • 5-7+ years of experience designing, developing, and implementing “best of class” enterprise IT security solutions
  • CISSP, CEH, GIAC or other relevant cybersecurity certification preferred
  • Advanced knowledge of security capabilities and constraints related to deploying on premise hosted, cloud native, and multi-cloud applications and infrastructure
  • Extensive experience in the introduction and oversight of general security practices such as identity and access management (IAM), business continuity/disaster recovery, multi-factor authentication, security information and event management (SIEM), and supporting technologies
  • Knowledge and experience across IT infrastructure with security frameworks, standards, and regulations such as ISO 27001, NIST RMF, & HIPAA/HITECH
  • Ability to distill complex security threats and risks into simple terms for non-technical stakeholders.
  • Experience with risk-based testing and/or manual assessment of architecture and infrastructure configuration, including leading and/or carrying out risk and vulnerability assessments (penetration testing, etc.)
  • Applied knowledge of healthcare industry preferred, but not required