CareFirst Careers

Security Architect

Resp & Qualifications


Reporting to the Manager Information Security, Identity and Access Management, the Security Architect is accountable for a variety of tasks and deliverables, as listed below.

Support existing applications specifically CyberArk and related components and Architecture, Disaster Recovery of CyberArk and related functions within the Identity and Access management, roles definition, access rights tracking, generation of audit reports, etc. Assist in problem resolution and recommending alternative techniques. Works closely with Security Technical Leads to guide decisions on solutions and best practices. Work and collaborates other teams in the enterprise, or with customers (internal and external) on resolving access issues related to security functions. Assist in security related audits, risk assessments and access reviews by working with peers and security specialists will providing reports and information to other teams such as IT Audit and Risk Assessment.


Participate in brainstorming sessions for interpreting technical requirements into security solutions and designs that are consistent with the current information security architecture and with CareFirst security policies and guidelines.  Work with internal infrastructure & application owners to integrate Privileged credentials across the enterprise into CyberArk. Secure applications and systems by working with the Leads to corroborate pragmatic solutions, which is maintainable and scalable. Create detailed designs for multi-tiered security, web applications using UML and similar diagraming methods – to provide guidance to developers and other architects with and without Security knowledge. Contribute to our library of design patterns, security standards, checklists, and other guiding artifacts. Conduct research of new security technologies and contribute to new ideas, patterns, processes and solutions of information security, which are beneficial to the team and the enterprise. Collaborate with the Leads in order to properly interpreting high-level designs into working solutions and provide guidance in this regard.

Collaborates with other teams for joint design sessions and decisions primarly for CyberArk and PAM solutions and related components. Handles multiple projects at any time and communicates with project teams as well as with Solution Architects.  Presents to senior management and supports Enterprise Architects in procurement of new technologies and tools for extending the enterprise technology stack and enabling advancement of leading edge business solutions. Provides guidance on security related questions and issues that arise in Information Security and in other Competency Centers. Works with other Security Architects or Security Leads in identifying opportunities of improvement, maintaining the Information Security Road Map, and specifying Security Design Patterns and Standards. Represents Information Security across the enterprise and plays a key role in communicating the policies, goals, and road map of the team.

This position is also subject to being "on call" for emergencies requiring immediate resolution.  Travel between all CareFirst locations may be required.


Required Experience, Skills and Abilities:
This position requires a BA/BS in computer science or related IT field or equivalent experience plus 8 – 10 years of IT experience including 7 years of combined experience in Information Security and Security Architecture. In addition to the below:


  • Proven leadership skills, interpersonal skills and the ability to build relationships across the enterprise.  Must be able to influence and work with diverse teams with different backgrounds and motivations.
  • Must have strong writing and verbal communication skills and a demonstrated ability to clearly articulate and communicate complex subjects and solutions.
  • Able to work in a fast passed environment, handle changing requirements, and perform under tight timelines.
  • Must be a fast learner with a commitment to personal growth in the domain of Information Security.
  • Proven record of accomplishment of performing in-depth research and introducing new technologies for better deploying and implementing style, faster delivery, and enhanced performance.
  • Knowledgeable in architectural methods, tools, and diagraming schemes.
  • Must possess strong knowledge of information security systems including Access Management, Identity Management, LDAP, Role Based Access Control, HTTP Headers, Cookies, Encryption, SSL, Certificates, etc., Access Control List (ACL), Web Services Security, etc.
  • Must have an good understanding of communications protocols, such as HTTP, TCP/IP, JMS, SSL, etc.
  • Experienced with large and complex systems having multi-layered architectures and use of Software Development Lifecycle methodology.


  • MS in Computer Science and or related field.
  • Security Certifications like CISSP, CISM..
  • Experience with some or all of the following:  Solution Architecture, Enterprise Architecture, and strong knowledge in Architecting CyberArk and related PAM solutions. Understanding of UNIX, Linux. Strong knowledge in Network security, Firewall configuration, Intrusion Preventions Systems, and similar security devices.



Department: Identity and Access Management

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 6/15/2018

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The physical demands described here are representative of those that must be met by an associate to perform the essential duties and responsibilities of the position successfully.  Requirements may be modified to accommodate individuals with disabilities. Travel between Carefirst sites is required.

The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The employee must frequently talk and hear.  Weights of up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

Learn more about Information Technology