Security Architect

WeCare Medical Specialty Group is a leading healthcare organization committed to providing exceptional and compassionate care to our patients. We leverage innovative technologies to enhance patient outcomes, streamline operations, and ensure the security and privacy of sensitive healthcare information. As we continue to expand our digital footprint and embrace remote work, we are seeking a highly skilled and experienced Remote Security Architect to play a crucial role in designing, implementing, and maintaining our robust security posture.

Position Overview:

We are seeking a proactive and detail-oriented Remote Security Architect to be a key contributor to our technology and security strategy. Reporting to the Chief Information Security Officer (CISO), you will be responsible for defining and implementing the security architecture across our diverse systems, applications, and infrastructure. You will collaborate closely with IT teams, development teams, and business stakeholders to ensure that security is integrated into every stage of our technology lifecycle. This is a fully remote position, offering the flexibility to work from anywhere within the United States.

Responsibilities:

Security Architecture Design and Implementation: Design and develop secure and scalable architectures for cloud-based and on-premise systems, applications, and networks, aligning with industry best practices and regulatory requirements (e.g., HIPAA, NIST, ISO 27001).

Threat Modeling and Risk Assessment: Conduct thorough threat modeling exercises and risk assessments to identify potential vulnerabilities and develop mitigation strategies.

Security Policy and Standards Development: Define, document, and maintain security policies, standards, and guidelines to ensure a consistent and effective security framework across the organization.

Security Technology Evaluation and Selection: Evaluate and recommend security technologies and tools to enhance our security posture, including but not limited to firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, data loss prevention (DLP), security information and event management (SIEM), and vulnerability management solutions.

Cloud Security Expertise: Possess deep understanding and practical experience in securing cloud environments (e.g., AWS, Azure, GCP), including identity and access management, network security, data protection, and compliance.

Security Integration and Automation: Develop and implement security controls and processes that can be integrated and automated within the existing IT infrastructure and development pipelines (DevSecOps).

Incident Response Planning and Support: Participate in the development and execution of incident response plans, providing technical expertise during security incidents.

Vulnerability Management: Oversee and contribute to the vulnerability management program, including scanning, analysis, remediation, and reporting.

Security Awareness and Training: Contribute to the development and delivery of security awareness training programs for employees.

Compliance and Audit Support: Assist with security audits and compliance efforts, providing technical documentation and expertise as needed.

Collaboration and Communication: Effectively communicate security risks, recommendations, and best practices to technical and non-technical stakeholders. Collaborate effectively with cross-functional teams to implement security solutions.

Continuous Learning: Stay abreast of the latest security threats, trends, and technologies, and proactively recommend enhancements to our security posture.

Qualifications:

Bachelor's degree in Computer Science, Information Security, or a related field. Equivalent experience and relevant certifications will be considered.

Minimum of 3-5 years of progressive experience in information security, with a focus on security architecture.

Proven experience in designing and implementing security solutions in complex and hybrid environments.

Deep understanding of security principles, frameworks, and best practices (e.g., Zero Trust, defense in depth).

Strong knowledge of network security concepts, protocols, and technologies.

Hands-on experience with a variety of security tools and technologies.

Excellent understanding of cloud security principles and best practices for at least one major cloud platform (AWS, Azure, GCP).

Experience with scripting languages (e.g., Python, PowerShell) for automation and security tasks is a plus.

Strong analytical and problem-solving skills with a meticulous attention to detail.

Excellent communication, presentation, and interpersonal skills.

Ability to work independently and effectively in a remote environment.

Relevant security certifications such as CISSP, CISM, CCSP, or vendor-specific cloud security certifications are highly desirable.

Experience within the healthcare industry and familiarity with HIPAA regulations is a significant advantage.

Eligibility Requirement:

Must possess a valid United States work permit or be a United States citizen. WeCare Medical Specialty Group is unable to sponsor work visas for this position at this time.

What We Offer:

Competitive salary and comprehensive benefits package.

Opportunity to work remotely and enjoy work-life balance.

A collaborative and supportive work environment.

Opportunities for professional growth and development.

The chance to make a meaningful impact on the security and privacy of healthcare information.

WeCare Medical Specialty Group is an Equal Opportunity Employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.