Network Security Architect
Listed on 2026-06-20
IT/Tech
Cybersecurity, Systems Engineer, Network Security
EEOC Statement
Lifepoint Health is an Equal Opportunity Employer. Lifepoint Health is committed to Equal Employment Opportunity for all applicants and employees and complies with all applicable laws prohibiting discrimination and harassment in employment.
You must be authorized to work in the United States without employer sponsorship.
This Position is:
Hybrid (Brentwood, TN)
Travel Requirements:
Travel up to 25% (To facilities)
The Network Security Architect is responsible for designing, governing, and continuously improving enterprise‑grade network security architectures across on‑premises, cloud, and hybrid environments. This role provides strategic and technical leadership across multi‑vendor security platforms, including Palo Alto Networks, Cisco Meraki, and cloud‑delivered security services, spanning firewall architecture, network segmentation, and zero trust in a large, geographically distributed healthcare environment.
The architect partners closely with Infrastructure, Cloud Operations, Security Operations, and Application teams to deliver scalable, resilient, and compliant network security designs that protect patient data, support business continuity, and align with regulatory obligations including HIPAA. This is a senior individual contributor and technical leadership role with significant influence over architecture direction, engineering standards, and vendor strategy.
Key Responsibilities
Architecture & Design
Lead the architecture, design, and standardization of multi‑vendor network security solutions spanning NGFW, cloud‑delivered security, and network access control.
Define secure network architectures for data centers, Azure/GCP cloud environments, branch/facility sites, and hybrid connectivity models.
Design network segmentation, micro segmentation, zero trust, and least‑privilege architectures aligned and enterprise security frameworks.
Develop and maintain reference architectures, design standards, technical roadmaps, and reusable security architecture patterns.
Evaluate emerging network security technologies and provide adoption recommendations integrated into the enterprise security strategy.
Define and govern network security requirements for new facility onboarding, acquisitions, and infrastructure modernization initiatives.
Define and govern security policy architecture across the Palo Alto platform: zone design, App‑/User‑t, threat prevention profiles, URL filtering, DNS Security, and WildFire integration.
Architect Panorama‑managed policy structures, including device group hierarchy, shared policy design, and rule base standards, to enforce consistent security posture across managed firewalls.
Lead security‑focused platform migrations from legacy firewall environments to Palo Alto NGFW, ensuring policy intent and threat coverage are preserved and improved.
Architect Prisma Access deployments for mobile user and branch security: security policy enforcement, threat inspection, identity integration, and cloud‑delivered service chaining.
Architect security enforcement across Cisco Meraki MX security appliances: threat prevention, content filtering, IDS/IPS, and site‑to‑site VPN design for campus and branch environments.
Integrate Meraki security controls with the broader security stack, including SIEM and identity systems, to achieve unified threat visibility and policy enforcement.
Translate regulatory and compliance requirements applicable to healthcare IT environments into network security architecture decisions, design standards, and control implementations.
Apply recognized security frameworks, including NIST Cybersecurity Framework, NIST SP 800‑53, and CIS Controls, to assess current‑state security posture, identify gaps, and prioritize architecture improvements.
Implement zero trust architecture principles, driving maturity assessment and phased adoption across network segmentation, identity enforcement, and device trust.
Define and enforce network security standards, architecture exception processes, and change governance procedures; conduct architecture…