Network Security Architect

Lifepoint Health, Brentwood, TN
Onsite

About The Position

The Network Security Architect is responsible for designing, governing, and continuously improving enterprise-grade network security architectures across on-premises, cloud, and hybrid environments. This role provides strategic and technical leadership across multi-vendor security platforms, including Palo Alto Networks, Cisco Meraki, and cloud-delivered security services, spanning firewall architecture, network segmentation, and zero trust in a large, geographically distributed healthcare environment. The architect partners closely with Infrastructure, Cloud Operations, Security Operations, and Application teams to deliver scalable, resilient, and compliant network security designs that protect patient data, support business continuity, and align with regulatory obligations including HIPAA. This is a senior individual contributor and technical leadership role with significant influence over architecture direction, engineering standards, and vendor strategy.

Requirements

  • 7+ years of experience in network security engineering, network architecture, or infrastructure architecture roles.
  • Demonstrated architect-level experience with Palo Alto Networks technologies (NGFW, Panorama, Prisma) with depth in Palo Alto expected; multi-vendor breadth is a strong plus, not a disqualifier.
  • Strong expertise in NGFW policy architecture and rule base design; network segmentation and zero trust principles; routing protocols, switching, VPNs, and encrypted traffic inspection; cloud network security (Azure preferred).
  • Experience designing security solutions for large, geographically distributed enterprise environments.
  • Working knowledge of healthcare compliance requirements (HIPAA) or equivalent regulated-industry security design experience.
  • Strong documentation skills; ability to produce architecture diagrams, design standards, and stakeholder-ready presentations.

Nice To Haves

  • Palo Alto Networks: Specialist/Architect tier certifications
  • Cisco: CCNP Security, CCIE Security, or Cisco Meraki certifications
  • Healthcare IT with multi-facility, geographically distributed network environments
  • M&A integration: assessing, onboarding, and remediating acquired entity network environments
  • Network forensics and incident response support from an architecture perspective
  • Wireless security architecture for clinical and IoT environments (medical device network segmentation)
  • Strategic architectural thinking with the ability to translate complex business and regulatory requirements into security designs.
  • Ability to balance security rigor, operational performance, and business enablement, making pragmatic risk-based decisions.
  • Comfortable presenting technical designs and risk tradeoffs to both engineering teams and senior leadership.
  • Proven ability to influence and drive alignment across cross-functional teams without direct authority.
  • Self-directed with strong prioritization skills in a complex, fast-paced healthcare environment.
  • Collaborative mindset: sees security architecture as an enabler, not a blocker.

Responsibilities

  • Lead the architecture, design, and standardization of multi-vendor network security solutions spanning NGFW, cloud-delivered security, and network access control.
  • Define secure network architectures for data centers, Azure/GCP cloud environments, branch/facility sites, and hybrid connectivity models.
  • Design network segmentation, microsegmentation, zero trust, and least-privilege architectures aligned with enterprise security frameworks.
  • Develop and maintain reference architectures, design standards, technical roadmaps, and reusable security architecture patterns.
  • Evaluate emerging network security technologies and provide adoption recommendations integrated into the enterprise security strategy.
  • Define and govern network security requirements for new facility onboarding, acquisitions, and infrastructure modernization initiatives.
  • Define and govern security policy architecture across the Palo Alto platform: zone design, App-ID/User-ID enforcement, threat prevention profiles, URL filtering, DNS Security, and WildFire integration.
  • Architect Panorama-managed policy structures, including device group hierarchy, shared policy design, and rule base standards, to enforce consistent security posture across managed firewalls.
  • Lead security-focused platform migrations from legacy firewall environments to Palo Alto NGFW, ensuring policy intent and threat coverage are preserved and improved.
  • Architect Prisma Access deployments for mobile user and branch security: security policy enforcement, threat inspection, identity integration, and cloud-delivered service chaining.
  • Architect security enforcement across Cisco Meraki MX security appliances: threat prevention, content filtering, IDS/IPS, and site-to-site VPN design for campus and branch environments.
  • Integrate Meraki security controls with the broader security stack, including SIEM and identity systems, to achieve unified threat visibility and policy enforcement.
  • Translate regulatory and compliance requirements applicable to healthcare IT environments into network security architecture decisions, design standards, and control implementations.
  • Apply recognized security frameworks, including NIST Cybersecurity Framework, NIST SP 800-53, and CIS Controls, to assess current-state security posture, identify gaps, and prioritize architecture improvements.
  • Implement zero trust architecture principles, driving maturity assessment and phased adoption across network segmentation, identity enforcement, and device trust.
  • Define and enforce network security standards, architecture exception processes, and change governance procedures; conduct architecture reviews and risk assessments to support ongoing governance.
  • Support internal audits, regulatory assessments, and third-party security reviews, providing network architecture documentation, evidence, and remediation roadmaps.
  • Serve as the primary technical authority and advisor for network security architecture across the organization.
  • Partner with Network Engineering, Security Operations, Cloud, and Application teams on design reviews, security integration, and incident response support.
  • Review and approve technical designs, change requests, and architecture exception requests.
  • Mentor network security engineers and contribute to engineering standards, design templates, and operational runbooks.
  • Present architecture proposals, risk findings, and strategic recommendations to both technical teams and senior leadership.