Senior Cyber Security Specialist

CareFirst | Washington, DC

Posted Date 8/12/2019
Description

Job Title: Senior Cyber Security Specialist

Job ID #: 12663

Location:  Washington, DC

Career Band: BDB

 

PRINCIPAL ACCOUNTABILITIES:
Under the supervision of the Manager, Information Security, the incumbent’s accountabilities include, but are not limited to the following:


1.         

  • Conduct and coordinate penetration testing and Red Team activities including Wi-Fi, web application and social engineering engagements.
  • Contribute to the technical maturity of the organization by providing training to other security specialists and external customers
  • Assist with the development of penetration testing and red teaming requirements and roadmaps
  • Leverage technical expertise to carry out offensive security testing as directed
  • Test and report on new technologies and reporting security concerns through the creation of security vulnerability assessments and other appropriate documentation.
  • Collaborate with threat hunters and threat intelligence analysis to provide mature intelligence to security decision makers.
  • Serve as senior technical information security coordinator/project lead and as a contributor to cross functional teams for deployment and support of security specific infrastructure to provide information security to the enterprise.
  • Provide support and guidance to a team of technically diverse personnel
  • Design, implement, and integrate security solutions to test enterprise risks and exposures.
  • Design and implement security solutions and/or exercises to monitor the efficiency and effectiveness of security operations, controls and infrastructure.
  • Performing security governance through the design and implementation of security policies, procedures, guidelines and standards to maintain the confidentiality, integrity and availability of information systems and data.



2.

  • Apply technology and processes to ensure the enterprise is protected and secured in the following areas:
  • Summarize and represent technical findings to security and non-security personnel to develop tactical and strategic programs to address processes, controls, organization and infrastructure to manage information security related concerns and satisfy directives.
  • Test data protection (through the use of technologies such as whole disk encryption, end-to-end e-mail security, public and private key management, data leakage prevention, web applications and source code security, database security, etc.)
  • Network devices and infrastructure, desktop/mobile devices and remote access to the network,
  • Information governance to ensure data is managed based on its sensitivity.
  • Information governance through information security policies, guidelines, and standards
  • Perform day-to-day maintenance and addressing issues and problems associated with security tools.
  • Provide general support to the Information Security department in carrying out its’ assigned functions and responsibilities.
  • Provide off-hours support and problem resolution as directed by departmental requirements, service level agreements and internal support procedures.
  • Provide assistance with audit issues and concerns affecting the Information Security department




3.

  • Properly interpret business and technical requirements into security solutions and designs that are consistent with the current information security architecture. 
  • Implement and assist in enforcement of company security policies.
  • Document results of system and application reviews including corrective action taken and security related documentation.
  • Assist with reviews of current and new CareFirst systems and applications, including changes to existing applications/systems, to assure compliance with Information Security policies and standards.
  • Apply creative thinking in problem solving and identifying opportunities for improvements in security.
  • Utilize IDS/IPS systems, SIEM (Security Incident and Event Management) tools and network scanners to review, assess, and/or document incidents and vulnerabilities to improve security.
  • Provide Information Security related recommendations regarding CareFirst infrastructure components (communications network, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability).


4.

  • Work with intra/interdepartmental technical and business personnel in a dynamic and varying environment. 
  • Collaborate with other Information Security specialists, designers, developers, and architects. 
  • Work with other technical teams in the organization
  • Share ideas, discuss alternatives, and seek input.  Suggest means to decrease vulnerability of systems, applications and processes.
  • Maintain familiarity with state of the art concepts, procedures, software and techniques in Information Security in order to be able to effectively assess and develop the CareFirst FEPOC's Information Security environment.




QUALIFICATION REQUIREMENTS:

Required:  College Degree in an Information Security or Technology related field or equivalent experience plus 3 - 6 years related work experience.   The incumbent will possess a high level of expertise in information security concepts, information security policies and system architecture concepts and have verifiable experience in penetration testing, mimicking tactics, techniques, and procedures (TTPs) of Advanced Persistent Threats (APTs), as well as attack frameworks.  In depth understanding in multiple areas of Information Security such as networking (TCP/IP, OSI model, network protocols), network architecture, operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), voice technologies (session border controllers, MPLS, VOIP, etc.), authentication technologies, (TACACS, RADIUS, etc.), wireless architectures, encryption key management, and mobile device technologies.  Also, must have knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance.  The incumbent must also have an ability to quickly and effectively learn Information Security tools in a large, complex multi-platform environment.

Abilities/Skills:

  • Strong ability, interest, and desire to solve complex problems
  • Strong written documentation skills and technical writing are required.
  • Excellent presentation and verbal communication skills.
  • Ability to effectively complete tasks with a minimal level of supervision.
  • Strong computer skills and understanding of computers, information security, and cybersecurity industry awareness
  • Possess broad understanding of the following systems/skill sets:
  • System hardening concepts and techniques
  • Network and remote access controls
  • LDAP, Unix, Active Directory, Java, EJB, JSP, JDBC, JMS, Kerboros, PKI, XML, WSDL, Web Services, Ant, and Spring Framework
  • Unix, Linux, Web application servers (WebSphere, Apache)
  • Virtualization technologies (VMware, VLANS, Hypervisors)
  • Encryption technologies and key management
  • Web application servers
  • Web application and IP firewalls
  • Familiarity with access control methodologies (MAC, DAC. RBAC)


Preferred:

  • Scripting experience
  • OSCP, GIAC, GPEN, GWAPT or other penetration testing certifications
  • Knowledge of ethical hacking techniques and counter attack methodologies.
  • Understanding of SIEM tools and system log analysis.
  • Familiarity with offensive and defensive security tools such as wireless and network scanning applications, vulnerability assessment applications and concepts, IDS/IPS and other appropriate security related tools and capabilities.
  • Ability to understand and apply appropriate polices and procedures.
  • Experience working with Information Security tools in a large, complex, multi-platform environment.

 

Department: Threat and Vulnerability Managment

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Actual salary will be based on relevant job experience and work history.

External applicants: Please visit our website to apply: www.carefirst.com/careers

Internal applicants: Please visit PeopleSoft/Employee Self Service/CareFirst Careers

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

PHYSICAL DEMANDS:

The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Please apply before: 09/06/2019

 

Type
Full-time

Share this job