Information Security Consultant

CareFirst BlueCross BlueShield

Washington, DC

Industry: Finance & Insurance


11 - 15 years

Posted 58 days ago



The Consultant, Information Security is responsible for recommending, architecting and leading the implementation of security solutions which provide authentication, authorization & system hardening services for internal and external applications and services. The Consultant, Information Security works closely with Architects, application owners & Managers to provide security guidelines and architecture consultancy to secure new applications and systems. The Consultant, Information Security works diligently to identify growing threats, vulnerabilities and incidents, and comes up with recommendations that fit the existing security infrastructure within CareFirst FEPOC.

PRINCIPAL ACCOUNTABILITIES: Reporting to the CISO, the Consultant is accountable for a variety of tasks and deliverables, as listed below.

1. Support: Support existing information security applications and infrastructure components. Work and collaborate with other teams in the enterprise, or with customers (internal and external), on resolving access issues related to security functions, such as authentication, authorization, password management, account locks, user management, SSO/Federation, Role and Privilege assignments, etc. Work with the project managers to define realistic timelines for production issue resolutions. Troubleshoot issues across multiple applications and systems. Persist in fixing issues and supporting deployments during the maintenance window (around midnight). Apply creative thinking in problem solving and actively identify opportunities for system improvements.

2. Development: Develop proofs of concept to validate design assumptions and solutions. Research new techniques and methodologies available to enhance CareFirst's security posture. Work across teams to provide guidance and expertise in development activities related to Tivoli identity & access management, SSO development, TDI plug-ins, Active Directory, Kerberos tickets, SAML, Web services etc.

3. Design and Document: Participate in brainstorming sessions for interpreting technical requirements into security solutions and designs that are consistent with the current information security architecture and with CareFirst security policies and guidelines. Create detailed documents using UML and similar diagramming methods, to be shared within and outside the team. Contribute to our library of design patterns, security standards, policies, best practices, checklists, and other guiding artifacts. Establish and maintain coding standards, deployment standards, and configuration management of security Web Services and Tivoli services.

4. Leadership: Provide leadership in representing Information Security, specifically in the area of application security, access control, cryptography etc. Lead joint design sessions with stakeholders, including Portal team, Data team, and other technical teams at CareFirst. Coordinate implementation with other teams, while maintaining clear communication channels and keeping the project on track. Lead, guide and help other staff members on their assignments, technical roadblocks etc. Mentor other team members on business knowledge, system details, and complex technical issues. Contribute new ideas in technology, process and solutions of information security beneficial to the team and the enterprise.

This position is also subject to being "on call" for emergency situations requiring immediate resolution.


Required Experience, Skills and Abilities:

  • This position requires a BA/BS in computer science or related IT field or equivalent experience and at least 12 years of related experience, of which at least 5 years must be in IT Security and at least 8 years must be in an enterprise-wide architect capacity.

In addition:

  • Lead and set security architecture strategy in close partnership with the business.
  • Provide security architectural and technical guidance to support information system and infrastructure design, improvements, and planning
  • Assess current and planned information systems to identify Information Security architecture issues and design solutions for gaps
  • Gather technical and business requirements, develop roadmaps and communicate Information Security architecture strategy
  • Ensure that Information Security architecture can be traced to specific business requirements, policies and principles that enable business objectives and reduce risk
  • Document current security architecture, research best practices, conduct trend analysis, and identify gaps in developing future state Information Security architecture
  • Develop strategic vision and roadmaps to advance the organization's security capabilities and align with business goals
  • Develop security design patterns for protecting web, middleware, database and emerging technology paradigms such as cloud and mobile computing
  • Provide thought leadership via public speaking, expert counsel, and research with a focus on emerging technologies
  • Become a trusted advisor within the organization and a mentor to other senior staff
  • Maintain operational security posture for information systems and programs to ensure information systems security policies, standards, and procedures are established and followed.
  • Assist with the management of security aspects of the information system and perform day-to-day security operations of the system
  • Evaluate security solutions to ensure they meet security requirements for processing classified information


  • This position requires the candidate to be able to work across the enterprise, to analyze business needs, security requirements and identify solutions that are the best fit.
  • The ideal candidate will need to have a wide range of technical and security skills and experience, yet be able to do a deep dive into a technical solution when necessary.
  • The candidate will need to be able to multitask and handle multiple on-going projects and have the people skills to motivate other teams to work towards a common goal.
  • Strong experience with two or more security domains is desirable.
  • Experience with some or all of the following: Tivoli-based security systems (TIM, TAM, TFIM), LDAP, system admin level experience in Unix/Linux-based systems, WebSphere administration and tuning, Web Services Security, Oracle database administration, firewall configuration, Intrusion Prevention Systems, and similar security devices.
  • CISSP/CISM/SANS certifications.