CareFirst BlueCross BlueShield

Sr. IT Information Security Specialist

Security Engineer in Washington, DC

Posted 2019-12-06

Reporting to the Manager, IT Security, the Senior Information Security Specialist is accountable for a variety of tasks and deliverables, as listed below.

Support existing information security applications and infrastructure components. Work and collaborate other teams in the enterprise, or with customers (internal and external) on resolving access issues related to security functions, such as authentication, authorization, password management, account locks, user management, SSO/Federation, Role and Privilege assignments, etc. Work with the project managers to define realistic timelines for production issue resolutions. Troubleshoot issues across multiple applications and systems. Persist in fixing issues and supporting deployments during the maintenance window (around midnight). Apply creative thinking in problem solving and actively identifying opportunities for system improvements.

Develop code, scripts, and configuration/deployment instructions to implement designs and follow instruction of Lead team members. Use best practices and patterns to ensure delivery of an enterprise grade solution that is scalable, extensible, and configurable. Use SQL optimization techniques, parallel processing techniques, asynchronous transactions, and other enterprise grade patterns. Perform thorough unit testing, code validation, and troubleshooting. Work with other technical teams in the organization such as Data Architecture, Portal and Integration. Work with the project managers to define realistic timelines for solution delivery. Deliver solutions in a timely manner and according to the agreed upon schedule.

May use any of the following skills sets including: IBM TIM administration and workflow development, TAM administration and configuration, TFIM administration and configuration, LDAP, Unix, Active Directory, Java, EJB, JSP, JDBC, JMS, Kerberos, PKI, XML, WSDL, Web Services, Ant, Spring Framework.

Participate in brainstorming sessions for interpreting technical requirements into security solutions and designs that are consistent with the current information security architecture. Create detailed documents using UML and similar diagraming methods, to be shared within and outside the team. Documents include code commenting, descriptions of interfaces, instructions for deployments and configurations

This position is also subject to being "on call" for emergency situations requiring immediate resolution.

Solid knowledge of information security systems including Access Management, Identity Management, LDAP, Role Based Access Control, HTTP Headers and Cookies, Encryption, SSL, Certificates, etc.
Experienced in Web Services code development and testing, Object Oriented Design and coding methods, agile development, deployment scripting with tools like ANT or Perl, TDI scripting, and logging methods.
Experienced in programming for relational databases, including SQL for DML, DDL and Queries.
Familiar with communications protocols such as HTTP, TCP/IP, JMS, SSL, etc.
Experienced with large and complex systems and the use of Software Development Lifecycle Methodology.
Knowledgeable in secure coding standards and security patterns for application and data level security.
Must be a fast learner and a commitment to personal growth in the domain of Information Security.
Must have experience researching and introducing new technologies.
Experience in coaching and mentoring other associates as well as leading small teams of peers.
Strong oral and written communications abilities are necessary, as are excellent interpersonal skills for customer interfacing.
Strong analytical and organizational skills.
Skilled in Microsoft Office suite: Outlook, Word, Excel, Power Point

MS in Computer Science.
Experience with some or all of the following: Unix, Linux, Tibco, WebSphere administration and tuning, Web Services Security, Oracle database administration, Firewalls, Intrusion Preventions Systems, and similar security devices.
Performing Static and Dynamic Application Security Testing using HP Fortify SCA, Web Inspect, IBM AppScan Standard, Enterprise, ASOC, CheckMarx, IBM AppScan Source for Analysis and Synopsys Coverity.
Assisting developers with writing Secure Code in the IDE (Eclipse, IntelliJ and Visual Studio)
Knowledge of OWASP Top Ten
Integrating Static, Dynamic and Interactive Application Security Testing into CI/CD build and deploy pipelines.
Performing Vulnerability Issue validation, triaging, reporting and prioritization.
Building Application Security KPI Dashboards
Securing Source and Artifact Repositories which mitigate use of insecure code
Implementing risk mitigation connected to use of 3rd Party / Open Source Libraries
Prescribing Application Security Requirements to development teams.

Ready to be seen?

Apply now to have the opportunity to be considered for similar jobs at leading companies in the Seen network for FREE.

Be seen in a new Security Engineer job

Skip the search

Zero stress and one profile that can connect you directly to 1000s of companies.

Best-fit jobs—for you

We’ll take it from there. After you tell us what you’re looking for, we’ll show you off to matches.

Free Career Coaching

Boost your interview skills, map your tech career and seal the deal with 1:1 career coaching.

You get tech. We get you.

Join now and be seen.