Associate Security Architect

Salary depends on experience
Posted on 10/31/17
El Dorado Hills, CA
5 - 7 years experience
Business Services


 Looking for a chance to do meaningful work that touches millions? Come join the hardest working, nonprofit health plan in California and help us shape the future of health care. Blue Shield of California’s Mission is to ensure all Californians have access to high-quality care at an affordable price. Blue Shield is focused on improving health care delivery by working closely with providers and making it more accessible, affordable and customer-centric. Being a mission-driven organization means we do much more than serve our 4 million members: we were the first health plan in the nation to limit our annual net income to 2 percent of revenue and return the difference to our customers and the community, and since 2005 we have contributed more than $325 million to the Blue Shield of California Foundation to improve community health and end domestic violence. We also believe that a healthier California begins with our employees, so we provide them with resources to develop and maintain a healthy lifestyle through our award-winning wellness program, Wellvolution.

We're hiring smart thinkers and doers who want to work for a leader and innovator in the challenging, ever-changing healthcare space. Come and help us make health care better for everyone. 



Our Cyber-Security Program has an immediate opening for an Associate Security Application Architect. 

This position plays a key role in supporting a balanced, risk-based approach to improve the overall maturity and effectiveness of our security program. The person who fills this role will have the opportunity to greatly influence the technologies and processes that are used to defend this company and its members’ data, no matter where it exists.

The Associate Security Application Architect works to identify opportunities for improvement of our application security controls and practices across the enterprise, including our Software Development Lifecycle (SDLC) and Mobility apps for both iOS and Android platforms. We understand that when well-orchestrated, our people, processes, and technologies are a key enabler for success, rather than just an afterthought.

Specific Security Architecture responsibilities include, but are not limited to, the following:

• Provide thought leadership, mentorship and advisory services to IT, business and project teams to ensure that solutions are in line with security direction and business strategies 
• Highly collaborative -- work across the company to drive adoption of technical standards, design principles and architecture patterns 
• Provide technical guidance and mentoring to engineers, designers and developers 
• Develop Application Security documents / artifacts from templates working with extended IT and Business teams 
• Identify architectural risks and develop plans to mitigate those risks, ensuring adherence to standards and best practices 
• Maintain a broad knowledge base of emerging threats and technologies and techniques to detect and mitigate them 
• Knowledge of architecture standards and patterns, and a passion for advocating their correct usage 
• Have excellent communication skills (written and verbal) 
• Demonstrate strong problem solving ability and analytical skills 
• Able to continuously assess current state architecture and recommend the future state architecture 
• Actively participate as a member of the Enterprise Architecture Review Board (EARB), which provides for governance across the organization 

Specific Security Architecture responsibilities include, but are not limited to, the following:

• Conducts application and mobility risk assessments as required 
• Ensures compliance with regulatory and industry standards for infrastructure and information system security, including Hardening/Configuration Standards 
• Represents security interests to application development teams by ensuring security standards and requirements are defined as part of the deliverables 
• Provides project consulting, evaluating proposed solutions including vendor application products for IT security risks, working to define and push for standards, identify gaps and apply compensating controls as deemed necessary 
• Participates in the development of IT Security strategies, policies and standards



• At least 5-10 years of related IT security and/or security application development experience plus demonstrated ability to perform a risk-based approach to securing applications, databases or infrastructure based upon IT and business needs 
• At least 5-10 years of related mobile application DevOps experience 
• Experience in designing, architecting, or implementing complex enterprise applications, infrastructures, or platforms and systems with security built in 
• A strong understanding of SDLC principles 
• A good understanding and knowledge of network security capabilities and best-practices (e.g. IPS/IDS, firewalls, proxies, BYOD, wireless security) 
• Excellent written and verbal communication skills with strong relationship building skills 
• Ability to influence strategic security application development, support the framing of reference architectures and pattern components, seek consensus on target state architectures, and influence roadmaps 
• Skilled in applying strategic architecture direction to project delivery using standard engagement methods 
• Fundamental working knowledge of industry-standard enterprise architecture models (e.g. TOGAF, NIST, SABSA, SANS) and approaches 
• General understanding of how to defend web and web services against security vulnerabilities, including the OWASP Top Ten and the SANS Top Twenty Five software errors
• Knowledge of HIPAA, HITECH, PCI-DSS, ISO 2700X and proper application of the Security and Privacy Rules. Preferred knowledge of the HITRUST Common Security Framework 
• Strong business acumen and a commitment to integrity, process improvement and customer satisfaction 
• Broad understanding of distributed, highly-available computing environments, and proactively addressing threats and vulnerabilities at all layers 
• Experience with TCP/IP and related protocols 
• Experience with Threat Modeling 

Job Additional Education/Experience:
• Knowledge of healthcare industry and industry related technology would be a strong plus 
• Bachelor's degree in Computer Science, Cyber-Security, Engineering or related field or equivalent work experience 
• Ability to rise above the security related FUD and focus on specific work priorities and execution with positive outcomes 
• CISSP, Ethical Hacker or other security and/or Enterprise Architecture methodology certifications preferred 

This candidate should demonstrate the following behaviors: 

• Integrity - Firmly adhere to the values and ethics of our company. Exhibit honesty, discretion, and sound judgment – able to recommend a security call on an issue 
• Assume Positive Intent – When interacting with fellow employees, assume they are doing the right thing for the right reason 
• Initiative – Be comfortable using your own discretion in taking appropriate steps and risks to find solutions to problems; present options and ideas to enhance current processes or procedures
• Cooperativeness - Willing to work with others, collaborating and compromising where necessary; promptly share relevant information with others 
• Flexibility - Is open to changing situations and opportunities and is willing to perform all tasks assigned 
• Independence - Able and willing to perform tasks and duties without supervision 
• Resiliency - Maintains a positive “can-do” outlook, rebounds quickly from frustrations, and maintains composure and friendly demeanor while dealing with demanding situations
