Sr. Cybersecurity Engineer (Network Security)

We’re a physician-led, patient-centric network committed to simplifying health care and bringing a more connected kind of care.

Our primary, multispecialty, and urgent care providers serve millions of patients in traditional practices, patients' homes and virtually through VillageMD and our operating companies Village Medical, Village Medical at Home, Summit Health, CityMD, and Starling Physicians.

When you join our team, you become part of a compassionate community of people who work hard every day to make health care better for all. We are innovating value-based care and leveraging integrated applications, population insights and staffing expertise to ensure all patients have access to high-quality, connected care services that provide better outcomes at a reduced total cost of care.

Please Note: We will only contact candidates regarding your applications from one of the following domains: @summithealth.com, @citymd.net, @villagemd.com, @villagemedical.com, @westmedgroup.com, @starlingphysicians.com, or @bmctotalcare.com.

Position Overview

The Senior Network Security Engineer is responsible for all levels of network security engineering and architecture in advancement of strategic information security goals. The successful candidate will lead design, development, and daily management activities across an array of security platforms and technologies.

Core Responsibilities

• Responsible for the overall development, design, implementation, and operational administration of the Summit Network Security program.
• Works as part of a larger team that defines network security architecture, roadmap, and related technical standards in alignment with security best practices.
• Implements technical network security controls in advancement of information security objectives as defined by the Office of the CISO. 
• Plans, develops, and executes upgrades of corporate network security appliances.
• Responsible for daily firewall and network administration in support of business objectives.
• Acts as lead subject matter expert in an outage event to troubleshoot/restore network services while keeping management informed. Performs root cause analysis and presents both findings and solutions to prevent the outage from occurring again.
• Leads/assists in multiple projects that encompass multiple enterprise networks.
• Partners with information technology and cyber security teams to deliver shared outcomes that measurably improve our ability to prevent, detect, and respond to network-based threats.
• Shares lessons learned and opportunities for hardening systems and applications to management.

Experience and Qualifications

• Minimum of 7+ years’ experience in network engineering & network security  
• Excellent understanding of cybersecurity organizational practices, operations risk management processes, architectural requirements, and network security risk reduction.
• Able to demonstrate a strong understanding across a wide variety of network security technologies including firewalls, NAC (802.1x), networking, and VPN (Remote Access and point to point, IPSEC / GRE).
• Proven expertise with NAC platforms, including implementation experience and operational support with Cisco ISE, ForeScout or FortiNAC.
• Strong grasp of NAC related technologies and concepts, including authentication configurations, TACACS+, DACLs, PKI, EAP-TLS.
• Able to demonstrate a strong understanding of static and dynamic routing protocols, wireless authentication technologies, cloud networking concepts.
• Proven management experience in two or more of the following platforms: Palo Alto Firewalls, Fortinet FortiGate, Cisco FTD.
• High proficiency with firewall administration, including firewall policy management, policy assessment and review, log analysis, traffic management (including troubleshooting and triage), appliance and management platform upgrade procedures.
• Demonstrated ability to map regulatory compliance requirements (PCI-DSS, HIPAA, HITRUST etc.) into technical network security controls.
• Familiarity with security control frameworks (NIST, CIS, etc.) and how they relate to operational network security controls.
• Preferred: SD-WAN implementation experience from any of the following vendors: Cisco (Viptela), CloudGenix, VeloCloud.
• Preferred: Zscaler Private Access / Zscaler Internet Access implementation experience.
• Preferred: Datacenter segmentation technologies such as VMWare NSX-T, Cisco ACI.
• Preferred: Public cloud platforms such as Azure, AWS, or GCP.

Personal Traits

• Results oriented with proven ability to mobilize and energize large, complex cross-functional teams to drive down organizational risk through implementation of technical controls.
• Able to self-start and complete projects and perform daily tasks w/minimal supervision.
• Capable of working under pressure in a continually changing fast paced environment.
• Ability to effectively collaborate with stakeholders across a large enterprise environment.
• Strong written and verbal communication skills.
• Strong analytical and problem-solving skills.
• Highly organized, capable of understanding large amounts of data, identifying significant risks applicable to Summit business operations, and consolidating that information into easy-to-understand summaries. Tracks information and develops strategies to remediate risks.

Preferred Professional Certifications

NSE4 (Fortinet), PCNSA (Palo Alto), CyberOps (Cisco), Certified Information Systems Security Professional, (CISSP) Certified Ethical Hacker, (CEH) GIAC Security Essentials Certifications, Global Information Assurance Certification, Forensics certifications.

Total Rewards at VillageMD

Our team members are essential to our mission to reshape healthcare through the power of connection. VillageMD highly values the critical role that health and wellness play in the lives of our team members and their families.  Participation in VillageMD’s benefit platform includes Medical, Dental, Life, Disability, Vision, FSA coverages and a 401k savings plan.

Equal Opportunity Employer

Our Company provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to, and does not discriminate on the basis of, race, color, religion, creed, gender/sex, sexual orientation, gender identity and expression (including transgender status), national origin, ancestry, citizenship status, age, disability, genetic information, marital status, pregnancy, military status, veteran status, or any other characteristic protected by applicable federal, state, and local laws.

Safety Disclaimer

Our Company cares about the safety of our employees and applicants. Our Company does not use chat rooms for job searches or communications. Our Company will never request personal information via informal chat platforms or unsecure email. Our Company will never ask for money or an exchange of money, banking or other personal information prior to the in-person interview. Be aware of potential scams while job seeking. Interviews are conducted at select Our Company locations during regular business hours only. For information on job scams, visit, https://www.consumer.ftc.gov/JobScams or file a complaint at https://www.ftccomplaintassistant.gov/.