Information Security Architect II

Job Title

Information Security Architect II

VMC Main Campus, Renton, WA

Responsible for ensuring the confidentiality, integrity, and availability (CIA) of VMC computer systems and information to safeguard personnel and patient safety, while also maintaining compliance with HIPAA, PCI‑DSS, cybersecurity industry best practices, frameworks, and standards.

• Monitor all security solutions, investigate alerts, and respond to identified threats, incidents, and compromises.
• Monitor the ticket queue, provide first‑tier support, and escalated as needed.
• Provide excellent customer service and assist staff with access related issues.
• Offer certificate assistance to other teams.
• Document procedures and resources (notes, training, templates, knowledge bases, SOPs).
• Perform performance maintenance and patch management on security tools and databases.
• Provide IT policy guidance to help staff with security compliance.
• Configure, manage, and operate security tools including firewalls, AV, SIEMs, SEG, PKI, etc.
• Conduct internal risk assessments and recommend changes to procedures, systems, or infrastructure to enhance security.
• Research and recommend patching for known threats and zero‑day vulnerabilities.
• Research new technology requests and recommend appropriate security guidance.
• Provide security training and implement awareness campaigns.
• Assist and guide lower‑level analysts; receive instruction from higher‑level analysts and supervisor.

• Education:
  
  Master’s degree in computer science or related field plus 2 years industry experience;
  Bachelor’s degree plus 3 years;
  Associate’s degree plus 4 years; or 5 years industry experience.
• Current intermediate‑level information security certification (e.g., (ISC)2, Off Sec, EC‑Council, GIAC, CompTIA) required; additional certifications approved.
• Industry experience preferred as Cybersecurity Practitioner, SOC Analyst, Risk Assessment Auditor, Penetration Tester, Incident Response Handler, or Computer Forensics Investigator.
• Experience as Systems Administrator or Network Engineer (up to 3 years) considered.
• Working knowledge of scripting languages and automation (Python, Power Shell, etc.).
• Working knowledge of securing cloud computing and cloud services (Azure, AWS).
• Working knowledge of securing operating system environments (Windows, Mac, Linux).
• Working knowledge of securing networking, wireless, and virtual environments.
• Working knowledge of subnetting, segmentation, and zero‑trust zones.
• Professional experience with PKI/certificate authority and OpenSSL.
• Professional experience with SEG, NGFW, AV, and EDR.
• Professional experience with various SIEMs and SOC management.
• Professional experience with multi‑factor authentication implementation.
• Familiarity with security compliance standards (HIPAA, PCI‑DSS, GDPR, etc.).
• Familiarity with security frameworks (HITRUST, NIST, OWASP, ISO 27000, SANS CIS 20, STIGs, ITIL, etc.).
• Familiarity with the OSI model and TCP/IP protocol suite.
• Familiarity with vulnerability management and patch cycles.
• Familiarity with risk assessments, pen‑tests, tabletop exercises, BCDR, and change management.
• Familiarity with writing and implementing IT policy, CSIRT plans, and training & awareness programs.

• Ability to move items and equipment weighing up to 70 lbs.
• Ability to manage highly confidential information and remain autonomous or collaborative as needed.
• Strong focus, time‑management, and problem‑solving skills.
• Excellent communication with all organizational levels, including C‑level executives, auditors, and end users.
• Ability to stay current on cybersecurity events and zero‑day exploitations.