Network Security Architect

EEOC Statement

"Lifepoint Health is an Equal Opportunity Employer. Lifepoint Health is committed to Equal Employment Opportunity for all applicants and employees and complies with all applicable laws prohibiting discrimination and harassment in employment."

You must be authorized to work in the United States without employer sponsorship.

This Position is: On-site (Brentwood, TN)

Travel Requirements: Travel up to 10% (To facilities) 

Job Summary

The Network Security Architect is responsible for designing, governing, and continuously improving enterprise-grade network security architectures across on-premises, cloud, and hybrid environments. This role provides strategic and technical leadership across multi-vendor security platforms, including Palo Alto Networks, Cisco Meraki, and cloud-delivered security services, spanning firewall architecture, network segmentation, and zero trust in a large, geographically distributed healthcare environment.

The architect partners closely with Infrastructure, Cloud Operations, Security Operations, and Application teams to deliver scalable, resilient, and compliant network security designs that protect patient data, support business continuity, and align with regulatory obligations including HIPAA. This is a senior individual contributor and technical leadership role with significant influence over architecture direction, engineering standards, and vendor strategy.

Key Responsibilities

Architecture & Design

• Lead the architecture, design, and standardization of multi-vendor network security solutions spanning NGFW, cloud-delivered security, and network access control.

• Define secure network architectures for data centers, Azure/GCP cloud environments, branch/facility sites, and hybrid connectivity models.

• Design network segmentation, microsegmentation, zero trust, and least-privilege architectures aligned and enterprise security frameworks.

• Develop and maintain reference architectures, design standards, technical roadmaps, and reusable security architecture patterns.

• Evaluate emerging network security technologies and provide adoption recommendations integrated into the enterprise security strategy.

• Define and govern network security requirements for new facility onboarding, acquisitions, and infrastructure modernization initiatives.

Multi-Vendor Platform Leadership

Palo Alto Networks

• Define and govern security policy architecture across the Palo Alto platform: zone design, App-ID/User-ID enforcement, threat prevention profiles, URL filtering, DNS Security, and WildFire integration.

• Architect Panorama-managed policy structures, including device group hierarchy, shared policy design, and rule base standards, to enforce consistent security posture across managed firewalls.

• Lead security-focused platform migrations from legacy firewall environments to Palo Alto NGFW, ensuring policy intent and threat coverage are preserved and improved.

• Architect Prisma Access deployments for mobile user and branch security: security policy enforcement, threat inspection, identity integration, and cloud-delivered service chaining.

Cisco Meraki

• Architect security enforcement across Cisco Meraki MX security appliances: threat prevention, content filtering, IDS/IPS, and site-to-site VPN design for campus and branch environments.

• Integrate Meraki security controls with the broader security stack, including SIEM and identity systems, to achieve unified threat visibility and policy enforcement.

Compliance, Governance & Security Frameworks

• Translate regulatory and compliance requirements applicable to healthcare IT environments into network security architecture decisions, design standards, and control implementations.

• Apply recognized security frameworks, including NIST Cybersecurity Framework, NIST SP 800-53, and CIS Controls, to assess current-state security posture, identify gaps, and prioritize architecture improvements.

• Implement zero trust architecture principles, driving maturity assessment and phased adoption across network segmentation, identity enforcement, and device trust.

• Define and enforce network security standards, architecture exception processes, and change governance procedures; conduct architecture reviews and risk assessments to support ongoing governance.

• Support internal audits, regulatory assessments, and third-party security reviews, providing network architecture documentation, evidence, and remediation roadmaps.

Collaboration & Leadership

• Serve as the primary technical authority and advisor for network security architecture across the organization.

• Partner with Network Engineering, Security Operations, Cloud, and Application teams on design reviews, security integration, and incident response support.

• Review and approve technical designs, change requests, and architecture exception requests.

• Mentor network security engineers and contribute to engineering standards, design templates, and operational runbooks.

• Present architecture proposals, risk findings, and strategic recommendations to both technical teams and senior leadership.

Required Qualifications

• 7+ years of experience in network security engineering, network architecture, or infrastructure architecture roles.

• Demonstrated architect-level experience with Palo Alto Networks technologies (NGFW, Panorama, Prisma) with depth in Palo Alto expected; multi-vendor breadth is a strong plus, not a disqualifier.

• Strong expertise in NGFW policy architecture and rule base design; network segmentation and zero trust principles; routing protocols, switching, VPNs, and encrypted traffic inspection; cloud network security (Azure preferred).

• Experience designing security solutions for large, geographically distributed enterprise environments.

• Working knowledge of healthcare compliance requirements (HIPAA) or equivalent regulated-industry security design experience.

• Strong documentation skills; ability to produce architecture diagrams, design standards, and stakeholder-ready presentations.

Preferred Qualifications

Certifications

• Palo Alto Networks: Specialist/Architect tier certifications

• Cisco: CCNP Security, CCIE Security, or Cisco Meraki certifications

Domain Experience

• Healthcare IT with multi-facility, geographically distributed network environments

• M&A integration: assessing, onboarding, and remediating acquired entity network environments

• Network forensics and incident response support from an architecture perspective

• Wireless security architecture for clinical and IoT environments (medical device network segmentation)

Soft Skills

• Strategic architectural thinking with the ability to translate complex business and regulatory requirements into security designs.

• Ability to balance security rigor, operational performance, and business enablement making pragmatic risk-based decisions.

• Comfortable presenting technical designs and risk tradeoffs to both engineering teams and senior leadership.

• Proven ability to influence and drive alignment across cross-functional teams without direct authority.

• Self-directed with strong prioritization skills in a complex, fast-paced healthcare environment.

• Collaborative mindset: sees security architecture as an enabler, not a blocker.

Lifepoint Health is a leader in community-based care and driven by a mission of Making Communities Healthier. Our diversified healthcare delivery network spans 29 states and includes 63 community hospital campuses, 32 rehabilitation and behavioral health hospitals, and more than 170 additional sites of care across the healthcare continuum, such as acute rehabilitation units, outpatient centers and post-acute care facilities. We believe that success is achieved through talented people. We want to create places where employees want to work, with opportunities to pursue meaningful and satisfying careers that truly make a difference in communities across the country.