CareFirst Careers

Information Security Consultant (Cloud Security)

Resp & Qualifications


The Consultant, Information Security is responsible for recommending, architecting and leading the implementation of security solutions which provide authentication, authorization & system protection and hardening  services for internal and external applications, systems and services. The Consultant, Information Security works closely with Architects, applications owners & Managers to provide security guidelines and architecture consultancy to secure new applications and systems. The Consultant, Information Security works diligently towards identifying growing threats, vulnerabilities, incidents and comes out with recommendations that fits the existing security infrastructures within CareFirst.


Reporting to the CISO, the Consultant is accountable for a variety of tasks and deliverables, as listed below.

Support existing information security applications and infrastructure components. Work and collaborate with other teams in the enterprise, or with customers (internal and external) in resolving security ssues within the application security, identity access management and authorization, data security, network security, and threat and vulnerability management  domains. Troubleshoot issues across multiple applications and systems. Persist in fixing issues and supporting deployments during the maintenance window. Apply creative thinking in problem solving and actively identifying opportunities for system improvements. 

Develop proof of concept to validate design assumptions and solutions. Research new techniques and methodologies available to enhance Security risk posture. Work across teams to provide guidance and expertise in developing security solutions for application security, identity access management and authorization, data security, network security, and threat and vulnerability management security domains

Participate in brainstorming sessions for interpreting technical requirements into security solutions and designs that are consistent with the current information security architecture and with CareFirst security policies and guidelines. Create detailed documents using UML and similar diagraming methods, to be shared within and outside the team. Contribute and maintain our library of security design patterns, standards, policies, best practices, checklists, and other guiding artifacts.

Provide leadership in representing Information Security, specifically in the area of application security, access control, cryptography etc. Lead joint design sessions with stakeholders, including Portal team, Data team, and other technical teams at CareFirst. Coordinate implementation with other teams, while maintaining clear communication channel and keeping the project on track. Lead, guide and help other staff members on their assignments, technical roadblocks etc. Mentor other team members on business knowledge, system details, and complex technical issues. Contribute to new ideas in technology, process and solutions of information security beneficial to the team and the enterprise. 

This position is also subject to being "on call" for emergency situations requiring immediate resolution. 

Required Experience, Skills and Abilities:

This position requires a BA/BS in computer science or related IT field or equivalent experience and at least 12 years of related experience of which at least 5 years must be in IT Security and least 8 years must be in enterprise-wide architect capacity.

In addition:

• Lead and set security architecture strategy in close partnership with the business.
• Provide security architectural and technical guidance to support information system and infrastructure design, improvements, and planning
• Assess current and planned information systems to identify Information Security architecture issues and design solutions for gaps
• Gather technical and business requirements, develop roadmaps and communicate Information Security architecture strategy
• Ensure that Information Security architecture can be traced to specific business requirements, policies and principles that enable business objectives and reduce risk
• Document current security architecture, research best practices, conduct trend analysis, and identify gaps in developing future state Information Security architecture
• Develop strategic vision and roadmaps to advance the organization's security capabilities and align with business goals
• Develop security design patterns for protecting web, middleware, database and emerging technology paradigms such as cloud and mobile computing
• Provide thought leadership via public speaking, expert counsel, and research with a focus on emerging technologies
• Become a trusted advisor within the organization and a mentor to other senior staff
•Maintain operational security posture for information systems and programs to ensure information systems security policies, standards, and procedures are established and followed.
•Assist with the management of security aspects of the information security and performs day-to-day security operations of the system.
•Evaluate security solutions to ensure they meet security requirements for processing classified information.



  • This position requires the candidate to be able to work across the enterprise, to analyze business needs, security requirements and identify solutions that are the best fit.
  • The ideal candidate will need to have a wide range of technical and security skills and experience but yet able to do a deep dive into a technical solution when necessary.
  • The candidate will need to be able to multitask and handle multiple on-going projects and have the people skills to motivate other teams to work towards a common goal.
  • Strong experience with two or more security domains is desirable.
  • Experience with some or all of the following: Tivoli based Security systems (TIM, TAM, TFIM), LDAP, System admin level experience in Unix/Linux based system, WebSphere administration and tuning, Web Services Security, Oracle database administration, Firewall configuration, Intrusion Preventions Systems, and similar security devices.
  • CISSP/CISM/SANS certifications
  • 5+ years of cloud security and migrations


Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 2/14/21

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

Learn more about Information Technology