Security Architect

Job Description

The Security Architect provides critical security oversight, risk management and architectural guidance for a new technology platform we are implementing.  The large-scale implementation involves the complex migration of multiple in-house, on-premises applications to a third-party Healthcare Information Technology solution hosted in the cloud.  The architect will be instrumental in ensuring the confidentiality, integrity and availability of sensitive patient and corporate data throughout the migration and in the resulting cloud environment. 

This role requires a deep understanding of cloud security best practices, healthcare compliance standards (like HIPAA/HITECH), and a proven ability to translate complex business requirements into robust and scalable security architectures.  The Security Architect will report to Director of Security Architecture and Cloud Security.

*Please note this position will be hybrid (3 days in office & 2 days WFH).  The position can be based in one of the following locations; Secaucus, NJ,  Schaumburg, IL, Lenexa, KS, Addison, TX, or Tampa, FL.

Pay Range: $150 - $170/ year

Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications obtained. Market and organizational factors are also considered. Successful candidates may be eligible to receive annual performance bonus compensation.

Benefits Information:

We are proud to offer best-in-class benefits and programs to support employees and their families in living healthy, happy lives. Our pay and benefit plans have been designed to promote employee health in all respects – physical, financial, and developmental. Depending on whether it is a part-time or full-time position, some of the benefits offered may include:

• Day 1 Medical, supplemental health, dental & vision for FT employees who work 30+ hours
• Best-in-class well-being programs
• Annual, no-cost health assessment program Blueprint for Wellness®
• healthyMINDS mental health program
• Vacation and Health/Flex Time
• 6 Holidays plus 1 "MyDay" off
• FinFit financial coaching and services
• 401(k) pre-tax and/or Roth IRA with company match up to 5% after 12 months of service
• Employee stock purchase plan
• Life and disability insurance, plus buy-up option
• Flexible Spending Accounts
• Annual incentive plans
• Matching gifts program
• Education assistance through MyQuest for Education
• Career advancement opportunities
• and so much more!

Responsibilities:

Security Architecture and Design

• Validate, and if necessary, update the security architecture for the target cloud-based HIT environment, ensuring alignment with organizational security policies, industry best practices (e.g. NIST) and compliance frameworks.
• Evaluate the security posture of the third-party HIT solution and the underlying cloud infrastructure, identifying and documenting architectural gaps and control deficiencies.
• Develop security requirements and controls for application integration, data transfer, identity and access management, data encryption (in transit and at rest), network segmentation, and loging/monitoring within the cloud environment.
• Collaborate with project teams, application owners and the third-party vendor to ensure security is “built-in” from the initial planning and design phases. 

Risk Management and Compliance

• Collaborate with the Risk Management team to ensure security findings are documented and remediation plans are in place as discovered.
• Provide guidance on HIPAA Security and Privacy Rules, HITECH Act and other relevant regulations (e.g PCI-DSS) to ensure the solution meets all regulatory requirements for protecting sensitive data. 
• Define security metrics, reporting mechanisms, and audit trails to demonstrate ongoing compliance and security effectiveness.

Oversight and Consultation

• Serve as the primary security subject matter expert (SME) for the migration project, advising senior leadership and technical teams on security implications.
• Review and approve technical security configurations, including firewall rules, encryption key management, security information and event management (SIEM) integration, and access controls. 
• Work with the Risk Management team to incorporate security governance processes for the new environment. 

Qualifications:

Required:

• Minimum 7 years of progressive experience in IT security with at least 3 years focused on security architecture and design for complex enterprise-level systems.
• Cloud Security: Deep, hands-on experience security solutions in a major public cloud platform (AWS, Azure, and/or GCP). 
• Healthcare Compliance: Demonstrated expertise with HIPAA/HITECH and proven ability to design and implement controls required for PHI in a cloud environment.
• Strong knowledge of networking protocols, encryption techniques, zero-trust principles and cloud security guardrails.
• Proficiency in security-as-code and cloud native security tools (e.g. Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP).
• Excellent written and verbal communication skills, with the ability to articulate complex security concepts to both technical and non-technical audiences.

Preferred:

• Azure experience and certification.

Required:

• B.S. in Computer Science, Business Administration, Healthcare Administration or a related field or equivalent work experience.
• At least one cloud provider security certification (eg AWS Certified Security Specialty, Azure, Security Engineer, GCP Security) 
• Specialized cloud architecture/security bootcamps (cloud, security alliance)
• Training in security-as-code and cloud native security tools (e.g. Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP).
• Hybrid work environment 
• Travel: 20-30%

Preferred:

• Graduate degree in Computer Science or related field
• CISSP (Certified Information Systems Security Professional
• CCSP (Certified Cloud Security Professional)
• Platform-specific certifications (e.g. Azure Security Engineer Associate, AWS Certified Security – Specialty)

47478

Quest Diagnostics honors our service members and encourages veterans to apply.

While we appreciate and value our staffing partners, we do not accept unsolicited resumes from agencies. Quest will not be responsible for paying agency fees for any individual as to whom an agency has sent an unsolicited resume.

Equal Opportunity Employer: Race/Color/Sex/Sexual Orientation/Gender Identity/Religion/National Origin/Disability/Vets or any other legally protected status.