Solutions Architect MIT

City/State: Yonkers, New York

Grant Funded: No

Department: IT - Technology & Cloud Services

Work Shift: Day

Work Days: MON-FRI

Scheduled

Hours:

8 AM-5:30 PM

Scheduled Daily

Hours:

8.5 HOURS

Pay Range: $-$

Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, procedures, and approaches to patient care, producing stellar outcomes and raising the bar for academic medical centers in the region and around the world. Our work to improve health outcomes in underserved communities is unparalleled in the United States.

Our workforce is among the most diverse in the US:
Montefiore associates speak 60+ languages.

As Montefiore has built paths to deliver lifesaving health outcomes to underserved communities, we are looking to the future of tech-enabled care delivery to create better experiences for patients, providers, and operations teams. Montefiore is actively investing in its technology teams as a system-level priority. We are seeking a Cloud Cybersecurity Architect.

The Cloud Cybersecurity Architect is responsible for designing, validating, and governing secure cloud architectures across AWS and Azure. This role reviews designs and operations from a cybersecurity architecture and operations perspective and will work closely with risk, compliance and policy teams within the Cybersecurity team-covering PHI/PII protection, identity, network segmentation, data security, monitoring, incident response, and gathering evidence for audit requests from the Cyber team.

The Architect partners with Cloud Engineering, Security Operations, Cybersecurity, Networking, Cyber Compliance/GRC, and clinical application teams (e.g., EHR/VDI/PACS) to ensure secure-by-default, audit-ready platforms that meet HIPAA, HITECH, and HITRUST requirements while enabling delivery velocity and cost efficiency.

A combination of education, experience, and training should qualify the candidate.

• Preferred: CISSP, CCSP, CCSK, or HITRUST CCSFP
• Cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer (AZ-500), SC-100)
• Bonus: GIAC (GCSA, GCPN, GCIH), CISM

The Cloud Cybersecurity Architect leads the definition and validation of cloud security controls, ensures compliance with healthcare regulations at the direction of the Cybersecurity team and reduces risk via secure reference architectures, guardrails, and automated checks embedded in pipelines and making sure standards such as CIS are applied and maintained.

• AWS Organizational Governance:
  Service Control Policies (SCP) design, multi-account patterns, delegated admin setups.
• Logging & Audit Foundations:
  Org Cloud Trail, AWS Config aggregator, S3 log archive hardening, Guard Duty, Security Hub.
• CSPM / CNAPP Operations(Wiz.io):
  Onboarding accounts/resources, tuning posture policies, integrating with ticketing and log routing (e.g., Cribl/SIEM).
• Infrastructure as Code:
  Terraform modules, reusable patterns, policy-as-code integration, CI scanning.
• Vulnerability & Risk Prioritization:
  Combining CVSS, exploit context, asset criticality, and signal sources into severity logic.
• Automation & Scripting:
  Python (boto3), AWS CLI, shell tooling for validation, evidence export, reporting.
• Identity & Access: IAM least privilege, cross-account role assumptions, permission boundaries, automation roles.
• Observability / Data Routing (Plus):
  Cribl / Firehose / Kinesis or equivalent pipeline familiarity.
• Compliance Awareness: HIPAA safeguard themes (auditability, access control, data protection, etc).
• Metrics & Reporting:
  Designing & extracting KPIs (coverage %, MTTR, SLA compliance, control efficacy).
• Define secure, compliant reference architectures (landing zones, IAM, network segmentation, encryption, logging/monitoring, backup/DR).
• Work with the Cyberteam on the above to ensure they meet their requirements, standards and policies and that they are included and in all designs and sign off on them.
• Review and approve solution designs and changes through an architecture review process; perform threat modeling and risk assessments in clode coordination with the Cyber and enterprise Architecture teams and processes.
• Map HIPAA/HITECH safeguards and HITRUST/NIST controls to cloud-native services and operating procedures; maintain control matrices and evidence catalogs.
• Establish identity and access strategies: SSO/Federation, least privilege, role design, JIT/JEA, PAM, key and secret management (KMS/HSM).
• Implement data security patterns: data classification/tagging, tokenization, DLP, encryption-in-transit/at-rest, key rotation, and logging.
• Harden network patterns: private endpoints, service endpoints, firewall/WAF, egress control, segmentation, zero-trust access, and secure remote administration.
• Embed security into CI/CD:
  IaC scanning (e.g., Checkov, tfsec), container/Kubernetes security, SAST/DAST/secret scanning, artifact signing, and…