Solutions Architect MIT
Listed on 2026-03-16
IT/Tech
Cybersecurity, Data Security, Systems Engineer, Security Manager
Overview
The Cloud Cybersecurity Architect is responsible for designing, validating, and governing secure cloud architectures across AWS and Azure. This role reviews designs and operations from a cybersecurity architecture and operations perspective and will work closely with risk, compliance and policy teams within the Cybersecurity team—covering PHI/PII protection, identity, network segmentation, data security, monitoring, incident response, and gathering evidence for audit requests from the Cyber team.
The Architect partners with Cloud Engineering, Security Operations, Cybersecurity, Networking, Cyber Compliance/GRC, and clinical application teams (e.g., EHR/VDI/PACS) to ensure secure-by-default, audit-ready platforms that meet HIPAA, HITECH, and HITRUST requirements while enabling delivery velocity and cost efficiency.
A combination of education, experience, and training should qualify the candidate.
Certification(s)
- Preferred: CISSP, CCSP, CCSK, or HITRUST CCSFP
- Cloud security certifications (e.g., AWS Security Specialty, Azure Security Engineer (AZ-500), SC-100)
- Bonus: GIAC (GCSA, GCPN, GCIH), CISM
The Cloud Cybersecurity Architect leads the definition and validation of cloud security controls, ensures compliance with healthcare regulations at the direction of the Cybersecurity team, and reduces risk via secure reference architectures, guardrails, and automated checks embedded in pipelines, making sure standards such as CIS are applied and maintained.
Key Responsibilities
- AWS Organizational Governance: Service Control Policies (SCP) design, multi-account patterns, delegated admin setups.
- Logging & Audit Foundations: Org CloudTrail, AWS Config aggregator, S3 log archive hardening, GuardDuty, Security Hub.
- CSPM / CNAPP Operations (Wiz.io): Onboarding accounts/resources, tuning posture policies, integrating with ticketing and log routing (e.g., Cribl/SIEM).
- Infrastructure as Code: Terraform modules, reusable patterns, policy-as-code integration, CI scanning.
- Vulnerability & Risk Prioritization: Combining CVSS, exploit context, asset criticality, and signal sources into severity logic.
- Automation & Scripting: Python (boto3), AWS CLI, shell tooling for validation, evidence export, reporting.
- Identity & Access: IAM least privilege, cross-account role assumptions, permission boundaries, automation roles.
- Observability / Data Routing (Plus): Cribl / Firehose / Kinesis or equivalent pipeline familiarity.
- Compliance Awareness: HIPAA safeguard themes (auditability, access control, data protection, etc.).
- Metrics & Reporting: Designing & extracting KPIs (coverage %, MTTR, SLA compliance, control efficacy).
- Define secure, compliant reference architectures (landing zones, IAM, network segmentation, encryption, logging/monitoring, backup/DR).
- Work with the Cyber team on the above to ensure they meet its requirements, standards and policies, and that the Cyber team is included in all designs and signs off on them.
- Review and approve solution designs and changes through an architecture review process; perform threat modeling and risk assessments in close coordination with the Cyber and enterprise Architecture teams and processes.
- Map HIPAA/HITECH safeguards and HITRUST/NIST controls to cloud-native services and operating procedures; maintain control matrices and evidence catalogs.
- Establish identity and access strategies: SSO/Federation, least privilege, role design, JIT/JEA, PAM, key and secret management (KMS/HSM).
- Implement data security patterns: data classification/tagging, tokenization, DLP, encryption-in-transit/at-rest, key rotation, and logging.
- Harden network patterns: private endpoints, service endpoints, firewall/WAF, egress control, segmentation, zero-trust access, and secure remote administration.
- Embed security into CI/CD: IaC scanning (e.g., Checkov, tfsec), container/Kubernetes security, SAST/DAST/secret scanning, artifact signing, and policy-as-code (OPA/Conftest).
- Select and integrate cloud security tooling (e.g., CSPM, CWPP, CIEM, SIEM/SOAR) and cloud-native controls (AWS Security Hub/GuardDuty/Macie; Microsoft Defender for Cloud/Sentinel; GCP SCC) or similar tools.
- Define…