Resp & Qualifications
Under the supervision of the Director, CyberSecurity Monitoring, Digital Forensics and Incident Response (DFIR), the incumbent’s accountabilities include, but are not limited to the following:
- Deploy and support systems; security applications and hardware, infrastructure components to protect the security of CareFirst information.
- Implement necessary enhancements/updates/upgrades to existing security products.
- Install, configure and maintain Palo Alto Networks firewalls.
- Administration of the firewall environment including services such as VPN Gateways, URL filtering, SSL Decryption and Advanced Threat Protection.
- Analyze data and telemetry from network security tools to improve control efficacy and validate control results.
- Where possible, automate manual operational activities.
- Represent CyberSecurity Monitoring and DFIR in disaster recovery procedures and exercises.
- Evaluate emerging technologies in the areas of perimeter security, intrusion prevention and cloud security.
- Perform periodic compliance reviews of firewall configurations.
- Serve as lead technical coordinator/project lead and as a contributor to cross functional teams for deployment and support of security specific infrastructure.
- Design, implement, and integrate security solutions to address enterprise risks and exposure.
- Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure.
- Performing security governance through the design and implementation of security policies, procedures, guidelines and standards to maintain the confidentiality, integrity and availability of information systems and data.
Apply technology and processes to ensure the enterprise is protected and secured in the following areas:
- Network devices and infrastructure, desktop/mobile devices and remote access to the network,
- Provide general support to the CyberSecurity Monitoring and DFIR department in carrying out its’ assigned functions and responsibilities.
- Provide off-hours support and problem resolution as directed by departmental requirements, service level agreements and internal support procedures.
- Provide assistance with audit issues and concerns affecting the CyberSecurity department
- Interact with other Technical and Operation Support Service teams to develop tactical and strategic programs to address processes, controls, organization and infrastructure to manage risk and satisfy directives.
- Properly interpret business and technical requirements into security solutions and designs that are consistent with the current security architecture.
- Implement and assist in enforcement of company security policies.
- Document results of system and application reviews including corrective action taken and security related documentation.
- Provide Information Security related recommendations regarding CareFirst infrastructure components (communications network, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability).
- Work with intra/interdepartmental technical and business personnel in a dynamic and varying environment.
- Collaborate with other Security specialists, designers, developers, and architects.
- Maintain familiarity with state-of-the-art concepts, procedures, software and techniques in Security in order to be able to effectively assess and develop the CareFirst Information Security environment.
Required: College Degree in an Information Security or Technology related field or equivalent experience plus 3+ years related work experience. The incumbent will possess a high level of expertise in CyberSecurity concepts and CyberSecurity architecture. In depth understanding in multiple areas of CyberSecurity such as networking (TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, Linux), security technologies (firewalls, switches, routers, IPSEC, IDS/IPS, etc.), authentication technologies, (TACACS, RADIUS, etc.), and encryption key management. The incumbent must have an ability to quickly and effectively learn CyberSecurity tools in a large, complex multi-platform environment.
- Thorough knowledge of Palo Alto Networks’ product solutions to include firewalls, Panorama, IPSEC VPN, Threat Protection, and Global Protect.
- Experience with network TAPS and Bypasses
- Understanding of signature-based detection mechanisms and event-based detection methodologies.
- Strong understanding of TCP/IP analysis with Wireshark/Tshark, tcpdump, etc.
- Ability to triage events and escalate incidents as necessary
- Advanced Linux skills
- Must be able to script in at least one language.(Preferably Python, Ruby, PowerShell, BASH)
- Packet capture and reassembly
- NetFlow analysis
- Advanced malware/ransomware defense
- OSINT collection and analysis
Abilities/Skills (candidate should possess most of these):
- Ability to identify and resolve complex issues and develop security solutions to meet CareFirst’s business and technology goals.
- Strong written documentation skills and technical writing are required.
- Excellent presentation and verbal communication skills.
- Ability to effectively complete tasks with a minimal level of supervision.
- Possess broad understanding of the following systems/skill sets:
- System hardening concepts and techniques
- Firewalls: Palo Alto Networks, Checkpoint, Juniper or Cisco
- Network and remote access controls
- Advanced routing protocols such as BGP
- Exposure to one or more cloud environments - AWS or Azure
- Cloud security methodologies and technologies
- Threat / Intrusion Prevention technologies
- Professional certification such as CISSP, CISM (lead level only)
- Palo Alto Networks Certified Network Security Administrator (PCNSA)
- Palo Alto Networks Certified Network Security Engineer (PCNSE)
- Advanced experience in cloud environments, specifically Amazon Web Services and Microsoft Azure.
- Ability to understand and apply appropriate policies and procedures.
- Basic understanding of SIEM tools and system log analysis.
- Experience with Splunk or Elasticsearch
- Knowledge of ethical hacking techniques and counter attack methodologies.
- Familiarity with penetration testing tools
- Experience with Bro, Zeek, SNORT or Surricata
- Familiarity with scripting and/or automation technologies such as Python and Ansible are highly desirable
- Experience working with CyberSecurity tools in a large, complex, multi-platform environment.
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Hire Range Disclaimer
Actual salary will be based on relevant job experience and work history.
Where To Apply
Please visit our website to apply: www.carefirst.com/careers
Please apply before: 2/28/2020
Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship