Network Security Architect
Brentwood, TN - USA
EEOC Statement
Lifepoint Health is an Equal Opportunity Employer. Lifepoint Health is committed to Equal Employment Opportunity for all applicants and employees and complies with all applicable laws prohibiting discrimination and harassment in employment.
You must be authorized to work in the United States without employer sponsorship.
This Position is: On-site (Brentwood TN)
Travel Requirements: Travel up to 10% (To facilities)
Job Summary
The Network Security Architect is responsible for designing, governing, and continuously improving enterprise-grade network security architectures across on-premises, cloud, and hybrid environments. This role provides strategic and technical leadership across multi-vendor security platforms, including Palo Alto Networks, Cisco Meraki, and cloud-delivered security services, spanning firewall architecture, network segmentation, and zero trust in a large, geographically distributed healthcare environment.
The architect partners closely with Infrastructure, Cloud Operations, Security Operations, and Application teams to deliver scalable, resilient, and compliant network security designs that protect patient data, support business continuity, and align with regulatory obligations, including HIPAA. This is a senior individual contributor and technical leadership role with significant influence over architecture direction, engineering standards, and vendor strategy.
Key Responsibilities
Architecture & Design
Lead the architecture, design, and standardization of multi-vendor network security solutions spanning NGFW, cloud-delivered security, and network access control.
Define secure network architectures for data centers, Azure/GCP cloud environments, branch/facility sites, and hybrid connectivity models.
Design network segmentation, microsegmentation, zero trust, and least-privilege architectures aligned and enterprise security frameworks.
Develop and maintain reference architectures, design standards, technical roadmaps, and reusable security architecture patterns.
Evaluate emerging network security technologies and provide adoption recommendations integrated into the enterprise security strategy.
Define and govern network security requirements for new facility onboarding, acquisitions, and infrastructure modernization initiatives.
Multi-Vendor Platform Leadership
Palo Alto Networks
Define and govern security policy architecture across the Palo Alto platform: zone design, App-ID/User-ID enforcement, threat prevention profiles, URL filtering, DNS Security, and WildFire integration.
Architect Panorama-managed policy structures, including device group hierarchy, shared policy design, and rule base standards, to enforce consistent security posture across managed firewalls.
Lead security-focused platform migrations from legacy firewall environments to Palo Alto NGFW, ensuring policy intent and threat coverage are preserved and improved.
Architect Prisma Access deployments for mobile user and branch security: security policy enforcement, threat inspection, identity integration, and cloud-delivered service chaining.
Cisco Meraki
Architect security enforcement across Cisco Meraki MX security appliances: threat prevention, content filtering, IDS/IPS, and site-to-site VPN design for campus and branch environments.
Integrate Meraki security controls with the broader security stack, including SIEM and identity systems, to achieve unified threat visibility and policy enforcement.
Compliance, Governance & Security Frameworks
Translate regulatory and compliance requirements applicable to healthcare IT environments into network security architecture decisions, design standards, and control implementations.
Apply recognized security frameworks, including NIST Cybersecurity Framework, NIST SP 800-53, and CIS Controls, to assess current-state security posture, identify gaps, and prioritize architecture improvements.
Implement zero trust architecture principles, driving maturity assessment and phased adoption across network segmentation, identity enforcement, and device trust.
Define and enforce network security standards, architecture exception processes, and change governance procedures; conduct architecture reviews and risk assessments to support ongoing governance.
Support internal audits, regulatory assessments, and third-party security reviews, providing network architecture documentation, evidence, and remediation roadmaps.
Collaboration & Leadership
Serve as the primary technical authority and advisor for network security architecture across the organization.
Partner with Network Engineering, Security Operations, Cloud, and Application teams on design reviews, security integration, and incident response support.
Review and approve technical designs, change requests, and architecture exception requests.
Mentor network security engineers and contribute to engineering standards, design templates, and operational runbooks.
Present architecture proposals, risk findings, and strategic recommendations to both technical teams and senior leadership.
Required Qualifications
7 years of experience in network security engineering, network architecture, or infrastructure architecture roles.
Demonstrated architect-level experience with Palo Alto Networks technologies (NGFW, Panorama, Prisma), with depth in Palo Alto expected; multi-vendor breadth is a strong plus, not a disqualifier.
Strong expertise in NGFW policy architecture and rule base design; network segmentation and zero trust principles; routing protocols, switching, VPNs, and encrypted traffic inspection; cloud network security (Azure preferred).
Experience designing security solutions for large, geographically distributed enterprise environments.
Working knowledge of healthcare compliance requirements (HIPAA) or equivalent regulated-industry security design experience.
Strong documentation skills; ability to produce architecture diagrams, design standards, and stakeholder-ready presentations.
Preferred Qualifications
Certifications
Palo Alto Networks: Specialist/Architect tier certifications
Cisco: CCNP Security, CCIE Security, or Cisco Meraki certifications
Domain Experience
Healthcare IT with multi-facility, geographically distributed network environments
M&A integration: assessing, onboarding, and remediating acquired entity network environments
Network forensics and incident response support from an architecture perspective
Wireless security architecture for clinical and IoT environments (medical device network segmentation)
Soft Skills
Strategic architectural thinking with the ability to translate complex business and regulatory requirements into security designs.
Ability to balance security rigor, operational performance, and business enablement, making pragmatic, risk-based decisions.
Comfortable presenting technical designs and risk tradeoffs to both engineering teams and senior leadership.
Proven ability to influence and drive alignment across cross-functional teams without direct authority.
Self-directed, with strong prioritization skills in a complex, fast-paced healthcare environment.
Collaborative mindset: sees security architecture as an enabler, not a blocker.
Required Experience:
Staff IC
About Company
Lifepoint Health is a leader in community-based care and driven by a mission of Making Communities Healthier. Our diversified healthcare delivery network spans 29 states and includes 63 community hospital campuses, 32 rehabilitation and behavioral health hospitals, and more than 170 a ...