CareFirst Careers

Lead CyberSecurity Engineer


Resp & Qualifications


As a member of the CyberSecurity Operations Center’s Engineering team, you are responsible for defending the enterprise network from threats and adversaries, both internal and external.  The CyberSecurity Engineering team is at the forefront of security technology research, architecture, deployment, implementation and operation for all aspects of network related security throughout the enterprise.

PRINCIPAL ACCOUNTABILITIES: Under the direction of the Manager, CyberSecurity Engineering, the incumbent is responsible for, but is not limited to, the following:


  1. Next-Gen firewall architecture for a complex, geographically distributed organization utilizing a mixture of on-premises and cloud infrastructure.
  2. Administration of the firewall environment including services such as VPN Gateways, URL filtering, SSL Decryption and Advanced Threat Protection.
  3. Responsible for the installation and operation of network security systems across the entire organization.
  4. Using Network and Host-based Intrusion Prevention systems to identify anomalous activity within the boundaries of the network.
  5. Configuration and monitoring of Network-based anomaly detection solutions.
  6. Develop and maintain playbooks documenting security controls and responses to specific threats.
  7. Analyze data and telemetry from network security tools to improve control efficacy and validate control results.


This position supports the overall mission of the CyberSecurity Operations Center, which is to detect and defend the enterprise from threats, both internal and external.  As a CyberSecurity subject matter expert, you will be engaged throughout the event lifecycle from detection to analysis through eradication.  You can also expect engagement with various cross-domain, cross-functional teams as an SME and incident responder.


Direct Reports: (None)



Required Education and Experience:

Degree or equivalent experience: BA/BS in Information Technology, Networking, Security, MIS, Computer Science or related field

Years of experience: Minimum 5+ years of demonstrated work experience.  (Additional experience may be substituted for educational requirement.)


Specialized training (preferred, but not required):

  • PCNSE – Palo Alto Networks Certified Network Security Engineer
  • PCCSE – Palo Alto Networks Prisma Certified Cloud Security Engineer
  • PCSAE – Palo Alto Networks Certified Security Automation Engineer
  • Vendor specific tools training, SANS security training, GIAC Certifications
  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical CyberSecurity domain

Other requirements (preferred, but not required):

Ability to obtain one professional certification within 6-12 months


Required Skills and Abilities:

Incumbent must have a firm understanding of Information and/or Cyber Security principles.  Must be able to adapt quickly to understand the rapidly changing threat landscape in order to correctly scope and prioritize security events.  The incumbent must also be able to achieve certification across multiple domains such as networking, security, development languages, etc.

Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time.  Must be able to effectively communicate.

Required skills:

  • Thorough knowledge of Palo Alto Networks’ product solutions to include firewalls, Panorama, IPsec VPN, Threat Protection, and GlobalProtect.
  • Experience with network TAPs and bypasses
  • Experience managing Threat Prevention policies across a large, distributed environment
  • Understanding of signature-based detection mechanisms and event-based detection methodologies.
  • Strong understanding of TCP/IP analysis with Wireshark/Tshark, tcpdump, etc.
  • Ability to triage events and escalate incidents as necessary
  • Solid experience with routing, switching, VPN, wireless infrastructure, load balancer technology, and packet brokers.
  • Advanced Linux skills
  • Must be able to script in at least one language.  (Preferably Python, Ruby, PowerShell, Bash)
  • A solid understanding of securing AWS and Azure infrastructures.


  • Familiarity with Splunk or Elasticsearch
  • Packet capture and reassembly
  • NetFlow analysis
  • Deep experience analyzing firewall log data
  • Advanced malware detection and prevention
  • OSINT collection and analysis
  • Familiarity with AWS log data such as CloudTrail, CloudWatch and VPC Flow Logs

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on federal health care programs.


The physical demands described here are representative of those that must be met by an associate to perform the essential duties and responsibilities of the position successfully.  Requirements may be modified to accommodate individuals with disabilities.

The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights of up to 10 pounds are occasionally lifted.

