Architect, Cyber Engineer

EEOC Statement

“Lifepoint Health is an Equal Opportunity Employer. Lifepoint Health is committed to Equal Employment Opportunity for all applicants and employees and complies with all applicable laws prohibiting discrimination and harassment in employment.”

You must be authorized to work in the United States without employer sponsorship.

Work Environment and Travel Requirements

• This position is: Hybrid
• Travel Requirements: Travel required up to 10%    
   

Job Summary
The Cybersecurity Engineer Architect is responsible for leading supporting cybersecurity operations through tiered response, tool-agnostic analysis, AI-enabled workflows, and contributions to cyber resiliency and exposure management. This role serves as the technical leader for the cybersecurity defense program setting detection strategy, control roadmaps, and resiliency patterns. The Architect leads preparation for and response actions to cyber events, champion for exposure management and partners with privacy, compliance, legal, clinical operations and enterprise architecture.
 

Essential Functions

• Event Lead for enterprise‑level incident response for priority events; coordinate with Legal/Privacy/Communications and external partners as needed.
• Perform Tier 3-level ticket intake, triage, investigation, remediation and document corrective actions in corporate ticketing systems. 
• Deliver correlated and complex cross‑platform detections.
• Lead cyber defense operations across detection, response, and prevention functions.
• Evaluate and integrate AI across detections, hunting, triage, and automation.
• Utilize AI-assisted analysis and automation to improve accuracy and efficiency of investigations.
• Maintain awareness of emerging threats, vulnerabilities, and adversary techniques and translate threat intelligence into operational response tasks.
• Author and conduct cyber defense exercises; measure and improve Mean Time to Detect (MTTD)/Mean Time to Remediate (MTTR), detection coverage, and recovery.
• Define and author tool agnostic, outcome‑driven strategy and roadmaps.
• Drive cyber resiliency engineering (backup/restore assurance, segmentation strategy, recovery SLOs, tabletop design, chaos/resilience testing).
• Support exposure management program: scoping, discovery, prioritization, adversarial validation, mobilization; exposure lifespan and business risk reduction.
• Mentor engineers; set documentation and operational standards.

Job Requirements

• Education: Master’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent depth of cybersecurity engineering experience.
• Experience: 5–8+ years in security operations, incident response, or cybersecurity roles with multi‑platform ownership and proven enterprise impact.
• Certifications (preferred): ISC2 Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+) / SecurityX, or similar.
• Clearances/Background: Able to pass healthcare compliance/background checks.

Required Skills

• Curiosity and willingness to learn new technologies, including use of AI and AI-enabled security capabilities.
• Full-spectrum security domain expertise (identity, endpoint, email/phishing, cloud, network, data protection, etc).
• Expert understanding of identity threats (MFA fatigue, token theft, OAuth abuse), email threats, EDR evasion, and cloud/system misconfigurations.
• Deep architecture and content engineering depth: detections, analytics, automation, data pipelines, quality gates, and measurement.
• Demonstrated leadership of large‑scale incident response actions, detection/resiliency initiatives with measurable risk reduction.
• Ability to solve complex cybersecurity operational problems without guidance.
• Master-level executive communication, risk storytelling, stakeholder influence, and cross‑functional leadership.
• Ability to quickly organize and manage multiple competing tasks simultaneously.
• Ability to translate adversary TTPs into engineering changes for security tools.

Functional Demands

• Ability to sit for extended periods and operate a computer.
• Occasional lifting up to 20 pounds.
• Extended screen time; rapid context switching; occasional high‑stress major‑incident participation.
• Participation in on-call coverage including nights/weekends/holidays as assigned.
• Ability to analyze alerts, logs, and reports for extended periods.
• Ability to prioritize tasks and manage multiple tickets simultaneously.
• Attention to detail and consistency in documentation.
• High focus for long periods during monitoring shifts; ability to communicate technical alerts to non-technical staff.