MASS CV
Post Job for Free
VACANCY
Log In / Sign Up
IT & Web & SQA

Senior Cyber Security Specialist (Risk Management)

Senior Cyber Security Specialist (Risk Management) Resp & Qualifications PRI

2019-11-05 2020
Carefirst
Position: Senior Cyber Security Salary: Unspecified Type: Full Time Location: Washington, DC
Resp & Qualifications
PRINCIPAL ACCOUNTABILITIES:
Under the supervision of the Manager, Information Security, the incumbent’s accountabilities include, but are not limited
to the following:
Support information security risk management processes to support the security of FEPOC information.
Performing security governance through the design and implementation of security policies, procedures, guidelines and
standards to maintain the confidentiality, integrity and availability of information systems and data.
Implement necessary enhancements/updates/upgrades to existing security products.
Assist in the configuration and installation of security products. Where possible, suggesting and implementing possibilities
to automate manual operational activities.
Represent Information Security in disaster recovery procedures and exercises.
Test and report on new technologies and reporting security concerns through the creation of security vulnerability
assessments.
Perform periodic compliance reviews of security operating system configurations.
Serve as senior technical information security coordinator/project lead and as a contributor to cross functional teams for
deployment and support of security specific infrastructure to provide information security to the enterprise.
Provide support and guidance to a team of technically diverse personnel of junior level security specialists
Design, implement, and integrate security solutions to address enterprise risks and exposures.
Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and
infrastructure.
Provide appropriate training to other security specialists and external customers on developed standards, procedures and
guidelines
Apply risk management methodologies and processes to ensure the enterprise is protected and secured in the following
areas:
Identity and access management
Provide data protection (through the use of technologies such as whole disk encryption, end-to-end e-mail security, public
and private key management, data leakage prevention, web applications and source code security, database security,
etc.)
Network devices and infrastructure, desktop/mobile devices and remote access to the network,
Information governance to ensure data is managed based on its sensitivity.
Information governance through information security policies, guidelines, and standards
Perform day-to-day maintenance and addressing issues and problems associated with security tools.
Provide general support to the Information Security department in carrying out its’ assigned functions and responsibilities.
Provide off-hours support and problem resolution as directed by departmental requirements, service level agreements
and internal support procedures.
Provide assistance with audit issues and concerns affecting the Information Security department
Interact with other teams to develop tactical and strategic programs to address processes, controls, organization and
infrastructure to manage information security related concerns and satisfy directives.
Properly interpret business and technical requirements into security solutions and designs that are consistent with the
current information security architecture.
Implement and assist in enforcement of company security policies.
Document results of system and application reviews including corrective action taken and security related documentation.
Assist with reviews of current and new CareFirst systems and applications, including changes to existing
applications/systems, to assure compliance with Information Security policies and standards.
Apply creative thinking in problem solving and identifying opportunities for improvements in security.
Utilize IDS/IPS systems, SIEM (Security Incident and Event Management) tools and network scanners to review, assess,
and document incidents and vulnerabilities to improve security.
Provide Information Security related recommendations regarding CareFirst infrastructure components (communications
network, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability).
Work with intra/interdepartmental technical and business personnel in a dynamic and varying environment.
Collaborate with other Information Security specialists, designers, developers, and architects.
Work with other technical teams in the organization such as IT Operations and IT Applications.
Share ideas, discuss alternatives, and seek input. Suggest means to decrease vulnerability of systems, applications and
processes.
Maintain familiarity with state of the art concepts, procedures, software and techniques in Information Security in order to
be able to effectively assess and develop the CareFirst Information Security environment.
QUALIFICATION REQUIREMENTS:
Required: College Degree in an Information Security or Technology related field or equivalent experience plus 3 - 6 years
related work experience. The incumbent will possess a high level of expertise in information security concepts,
information security policies and system architecture concepts and have experience in process definition, workflow
design, and process mapping. In depth understanding in multiple areas of Information Security such as networking
(TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, UNIX, mainframe), security
technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), voice technologies (session border controllers, MPLS, VOIP,
etc.), authentication technologies, (TACACS, RADIUS, etc.), wireless architectures, encryption key management, and
mobile device technologies. Also, must have knowledge of vulnerability assessments, privacy assessments, incident
response, security policy creation, enterprise security strategies, and governance. The incumbent must also have an
ability to quickly and effectively learn Information Security tools in a large, complex multi-platform environment.
Abilities/Skills:
Ability to identify and resolve complex issues and develop security solutions to meet CareFirst’s business and technology
goals.
Strong written documentation skills and technical writing are required.
Excellent presentation and verbal communication skills.
Ability to effectively complete tasks with a minimal level of supervision.
Strong computer skills, including knowledge of Microsoft Windows, various e-mail systems (Lotus Notes, Microsoft
Exchange) and unified communication systems (Office Communication Server).
Possess broad understanding of the following systems/skill sets:
IBM Tivoli administration and configuration
System hardening concepts and techniques
Checkpoint technologies
Network and remote access controls
LDAP, Unix, Active Directory, Java, EJB, JSP, JDBC, JMS, Kerboros, PKI, XML, WSDL, Web Services, Ant, and Spring
Framework
Unix, Linux, Web application servers (WebSphere, Apache)
Virtualization technologies (VMware, VLANS, Hypervisors)
Encryption technologies and key management
Web application servers
Web application and IP firewalls
Familiarity with access control methodologies (MAC, DAC. RBAC)
Preferred:
Specific knowledge of the CareFirst corporate structure.
An understanding of the relationships among various units within the corporation.
Ability to understand and apply appropriate polices and procedures.
Experience with NIST RISk Managament Framework (RMF) and/or Cyber Security Farmework (CSF).
Knowledge of ethical hacking techniques and counter attack methodologies.
Familiarity with security tools such as wireless and network scanning applications, vulnerability assessment applications
and concepts, IDS/IPS and other appropriate security related tools and capabilities.
Experience working with Information Security tools in a large, complex, multi-platform environment.
#LI-DM1
Department
Security Operations Center
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal
employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender
identity, national origin, age, protected veteran or disabled status, or genetic information.
Hire Range Disclaimer
Actual salary will be based on relevant job experience and work history.
Where To Apply
Please visit our website to apply:
Closing Date
Please apply before: 10/25/2019
Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her
ineligible to perform work directly or indirectly on Federal health care programs.
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her
ineligible to perform work directly or indirectly on Federal health care programs.
PHYSICAL DEMANDS:
The physical demands described here are representative of those that must be met by an employee to perform the
essential duties and responsibilities of the position successfully. Requirements may be modified to accommodate
individuals with disabilities.
The employee is primarily seated while performing the duties of the position. Occasional walking or standing is required.
The hands are regularly used to write, type, key and handle or feel small controls and objects. The employee must
frequently talk and hear. Weights of up to 25 pounds are occasionally lifted.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship
Share this job
Related Careers
Apply

Back

#Washington#Senior#Cyber#Security
Facebook Twitter Linked
About Us Contact us Support
MASS CV open vacancies
Privacy Agreement Feedback

©2019 MASS CV All rights reserved