Industry: Finance & Insurance•
11 - 15 years
Posted 58 days ago
The Consultant, Information Security is responsible for recommending, architecting and leading the implementation of security solutions which provide authentication, authorization & system hardening services for internal and external applications and services. The Consultant, Information Security works closely with Architects, applications owners & Managers to provide security guidelines and architecture consultancy to secure new applications and systems. The Consultant, Information Security works diligently towards identifying growing threats, vulnerabilities, incidents and comes out with recommendations that fits the existing security infrastructures within CareFirst FEPOC.
PRINCIPAL ACCOUNTABILITIES: Reporting to the CISO, the Consultant is accountable for a variety of tasks and deliverables, as listed below.
1. Support: Support existing information security applications and infrastructure components. Work and collaborate other teams in the enterprise, or with customers (internal and external) on resolving access issues related to security functions, such as authentication, authorization, password management, account locks, user management, SSO/Federation, Role and Privilege assignments, etc. Work with the project managers to define realistic timelines for production issue resolutions. Troubleshoot issues across multiple applications and systems. Persist in fixing issues and supporting deployments during the maintenance window (around midnight). Apply creative thinking in problem solving and actively identifying opportunities for system improvements.
2. Development: Develop proof of concept to validate design assumptions and solutions. Research new techniques and methodologies available to enhance CareFirst Security postures. Work across team to provide guidance and expertise in development actives related to Tivoli identity & access management, SSO development, TDI plug-ins, Active Directory, Kerberos tickets, SAML, Web services etc..
3. Design and Document: Participate in brainstorming sessions for interpreting technical requirements into security solutions and designs that are consistent with the current information security architecture and with CareFirst security policies and guidelines. Create detailed documents using UML and similar diagraming methods, to be shared within and outside the team. Contribute to our library of design patterns, security standards, policies, best practices, checklists, and other guiding artifacts. Establish and maintain coding standards, deployment standards, configuration management of security Web Services and Tivoli services.
4. Leadership: Provide leadership in representing Information Security, specifically in the area of application security, access control, cryptography etc. Lead joint design sessions with stakeholders, including Portal team, Data team, and other technical teams at CareFirst. Coordinate implementation with other teams, while maintaining clear communication channel and keeping the project on track. Lead, guide and help other staff members on their assignments, technical roadblocks etc. Mentor other team members on business knowledge, system details, and complex technical issues. Contribute to new ideas in technology, process and solutions of information security beneficial to the team and the enterprise.
This position is also subject to being "on call" for emergency situations requiring immediate resolution.
Required Experience, Skills and Abilities: