Job Description

Responsibilities

Responsibilities include but are not limited to:

Secure all AD OPS applications, services and related infrastructure in both cloud and on premise environment through analyzing existing security structures, creating new and enhanced security methods. Also drive cultural change geared towards security across the AD-Ops team while ensuring adoption and compliance of the required security standards across AD OPS teams.
Provide hands-on engineering support for Vulnerability Scanning, Sensitive data scanning, security audits, risk analysis, threat simulations to detect possible risks, penetration testing for security compliance.
Train and support developers, analysts, testers and other personnel engaged in product delivery to the appropriate level of software security knowledge to perform their responsibilities.
Provide security consulting including design, reviews and recommendations for various AD Ops Project initiatives and help develop a strong Security Design and help to get it approved by Information Security.
Serve as a core team member of the AD Ops Team and implement necessary processes, tools to automate and integrate application security testing, and compliance requirements. Research new Security trends and make timely recommendations to AD Ops management for implementation of new tools and processes that will enhance the security of both cloud-based and on premise environments at large and application development in specific.

Qualifications

Required Basic Qualifications:

MS or BS degree in Computer Science, Information Technology or equivalent experience required
10+ years of experience in various security domains including security engineering, Software Applications Security and Infrastructure security with hands-on coding experience, with a desired 3+ years in a relevant cloud development, automation, and orchestration
5+ years of hands-on experience supporting SAST and DAST in an enterprise environment
Experience in the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.
Experience working in a cloud/IaaS environment – AWS is strongly preferred
Subject matter expertise in web application security and Mobile Application Security
Experience translating business and security requirements into proper policies that can be coded and tested via automation
Expert knowledge of Agile approaches to software development and able to put key Agile and DevSecOps principles into practice to deliver solutions incrementally
Experience with workflow, publishing, analytics, portal, mobile, big data, cloud and other leading-edge technologies and respective security concepts
Knowledge of unique security risks and capabilities with IaaS, PaaS, and SaaS
Experience working with complex network topologies
Experience working in a cloud/IaaS environment – AWS is strongly preferred
Experience working with virtualization software such as VMWare and Open Stack
Experience working with security tools likes WhiteSource, Contrast
Experience with enterprise monitoring and logging solutions such as AppDynamics, Zabbix and Splunk
Has knowledge sharing approach to train counterparts and achieve scale. Ability to write security policies as code
Configuration Management tools such as Ansible
Test and build systems such as Jenkins, Maven, Ant
Must have a solid understanding of cloud systems — not only how they operate, but how to deploy them securely, efficiently, and with little-to-no downtime
Linux, Unix, and Windows operating systems proficiency

Preferred Basic Qualifications:

MBA or MS degree
Ability to present to top management, corporate committees, and workgroups and to communicate information security and risk management concepts
Demonstrated ability making operational decisions, monitoring progress and reporting results
Technology Experience Preferred: Java and the J2EE Environment, strong UNIX administration skills, scripting and automation experience, strong understanding of cryptographic algorithms and principles, strong understanding of networking fundamentals, addressing, TCP/IP, protocol and network analysis
Certified Information Systems Security Professional (CISSP )
Certified Secure Software Lifecycle Professional (CSSLP)
AWS Certified Security – Specialty

Valid through: 4/26/2021

About Blue Cross and Blue Shield Association

Blue Cross Blue Shield Association is a federation of 36 separate United States health insurance companies that provide health insurance in the United States to more than 106 million people. It was formed in 1982 from the merger of its two namesake organizations: Blue Cross was founded in 1929 and became the Blue Cross Association in 1960, while Blue Shield emerged in 1939 and the Blue Shield Association was created in 1948. In the healthcare insurance industry, the organization is known as "The Association" and has two offices, one in Chicago and one in Washington, D.C. The main office is in Chicago in the Illinois Center at 225 North Michigan Avenue. The BCBSA claims to control access to the Blue Cross and Blue Shield trademarks and names across the United States and in more than 170 other countries, which it then licenses to the affiliated companies for specific, exclusive geographic service areas. It has affiliated plans in all 50 states, the District of Columbia, and Puerto Rico, as well as licensees offering plans in several foreign countries; it also operates a nationwide health insurance program for employees of the United States federal government. The BCBSA manages communications between its members and the operating policies required to be a licensee of the trademarks. This permits each BCBSA company to offer nationwide insurance coverage even though it operates only in its designated service area.

Total Jobs:

Total Experts:

Average Pay:

$139,626

Total value of jobs:

$9,355,000

% Masters:

44%

Learn More About Blue Cross and Blue Shield Association blue arrow

* Ladders Estimates