Network Security Architect
Lifepoint Health® · Brentwood, TN · 3 wk ago
HybridInformation TechnologyFull-time
Job Summary
The Network Security Architect is responsible for designing, governing, and continuously improving enterprise-grade network security architectures across on-premises, cloud, and hybrid environments. This role provides strategic and technical leadership across multi-vendor security platforms, including Palo Alto Networks, Cisco Meraki, and cloud-delivered security services, spanning firewall architecture, network segmentation, and zero trust in a large, geographically distributed healthcare environment.Key Responsibilities
- Architecture & Design
- Lead the architecture, design, and standardization of multi-vendor network security solutions spanning NGFW, cloud-delivered security, and network access control.
- Define secure network architectures for data centers, Azure/GCP cloud environments, branch/facility sites, and hybrid connectivity models.
- Design network segmentation, micro segmentation, zero trust, and least-privilege architectures aligned and enterprise security frameworks.
- Develop and maintain reference architectures, design standards, technical roadmaps, and reusable security architecture patterns.
- Evaluate emerging network security technologies and provide adoption recommendations integrated into the enterprise security strategy.
- Define and govern network security requirements for new facility onboarding, acquisitions, and infrastructure modernization initiatives.
- Multi-Vendor Platform Leadership
- Palo Alto Networks
- Define and govern security policy architecture across the Palo Alto platform: zone design, App-ID/User-ID enforcement, threat prevention profiles, URL filtering, DNS Security, and WildFire integration.
- Arcitect Panorama-managed policy structures, including device group hierarchy, shared policy design, and rule base standards, to enforce consistent security posture across managed firewalls.
- Lead security-focused platform migrations from legacy firewall environments to Palo Alto NGFW, ensuring policy intent and threat coverage are preserved and improved.
- Arcitect Prisma Access deployments for mobile user and branch security: security policy enforcement, threat inspection, identity integration, and cloud-delivered service chaining.
- Cisco Meraki
- Architect security enforcement across Cisco Meraki MX security appliances: threat prevention, content filtering, IDS/IPS, and site-to-site VPN design for campus and branch environments.
- Integrate Meraki security controls with the broader security stack, including SIEM and identity systems, to achieve unified threat visibility and policy enforcement.
- Translate regulatory and compliance requirements applicable to healthcare IT environments into network security architecture decisions, design standards, and control implementations.
- Apply recognized security frameworks, including NIST Cybersecurity Framework, NIST SP 800-53, and CIS Controls, to assess current-state security posture, identify gaps, and prioritize architecture improvements.
- Implement zero trust architecture principles, driving maturity assessment and phased adoption across network segmentation, identity enforcement, and device trust.
- Define and enforce network security standards, architecture exception processes, and change governance procedures; conduct architecture reviews and risk assessments to support ongoing governance.
- Support internal audits, regulatory assessments, and third-party security reviews, providing network architecture documentation, evidence, and remediation roadmaps.
- Serve as the primary technical authority and advisor for network security architecture across the organization.
- Partner with Network Engineering, Security Operations, Cloud, and Application teams on design reviews, security integration, and incident response support.
- Review and approve technical designs, change requests, and architecture exception requests.
- Mentor network security engineers and contribute to engineering standards, design templates, and operational runbooks.
- Present architecture proposals, risk findings, and strategic recommendations to both technical teams and senior leadership.
Required Qualifications
- 7+ years of experience in network security engineering, network architecture, or infrastructure architecture roles.
- Demonstrated architect-level experience with Palo Alto Networks technologies (NGFW, Panorama, Prisma) with depth in Palo Alto expected; multi-vendor breadth is a strong plus, not a disqualifier.
- Strong expertise in NGFW policy architecture and rule base design; network segmentation and zero trust principles; routing protocols, switching, VPNs, and encrypted traffic inspection; cloud network security (Azure preferred).
- Experience designing security solutions for large, geographically distributed enterprise environments.
- Working knowledge of healthcare compliance requirements (HIPAA) or equivalent regulated-industry security design experience.
- Strong documentation skills; ability to produce architecture diagrams, design standards, and stakeholder-ready presentations.
Preferred Qualifications
- Certifications
- Palo Alto Networks: Specialist/Architect tier certifications
- Cisco: CCNP Security, CCIE Security, or Cisco Meraki certifications
- Domain Experience
- Healthcare IT with multi-facility, geographically distributed network environments
- M&A integration: assessing, onboarding, and remediating acquired entity network environments
- Network forensics and incident response support from an architecture perspective
- Wireless security architecture for clinical and IoT environments (medical device network segmentation)
- Soft Skills
- Strategic architectural thinking with the ability to translate complex business and regulatory requirements into security designs.
- Ability to balance security rigor, operational performance, and business enablement making pragmatic risk-based decisions.
- Comfortable presenting technical designs and risk tradeoffs to both engineering teams and senior leadership.
- Proven ability to influence and drive alignment across cross-functional teams without direct authority.
- Self-directed with strong prioritization skills in a complex, fast-paced healthcare environment.
- Collaborative mindset: sees security architecture as an enabler, not a blocker.