CareFirst Careers

Information Security Consultant (PKI/HSM)

Resp & Qualifications



Under the supervision of the Manager of Identity Engineering & Development, the incumbent’s accountabilities include, but are not limited to the following:

The Lead Cyber Security Specialist role is designed to support the Digital Credential Technology PKI / HSM Lead position within Information Security. This role will align to the public key infrastructure (PKI) security domain within Information Security focusing on architecture planning, design, and related functions in the areas of PKI, encryption solutions, cryptographic services, key management and related security technologies within the enterprise. This position requires excellent experience in understanding, the complexity of enterprise PKI and encryption, how to apply encryption and key management technology solutions in various environments. Which includes digital signing capabilities, public key-based encryption, and authentication services using digital certificates. Standards-based development of solutions is critical, as well as understanding and have developed standard, documentation for PKI environments such as CP and CPS material. Guiding process development for the process driven functions related to PKI environment is an important skill too.

  • Leads, Architects and Solutions PKI / HSM using Thales hardware and related software. Will be responsible to standup the PKI / HSM environment and be able to install and support the implementation from ground up.
  • Excellent understanding X.509, RSA and general certificate management processes, has solid experience with public key infrastructure (PKI) with certificate lifecycle management. Administering of HSM clusters and Microsoft Certificate Services.
  • Experience with commercial Certificate Authority providers and authoring Certificate Polices and Certification Practice Statements (CP/CPS).
  • Participates in design efforts for security and PKI / HSM implementation, document and support the implementation effort.
  • Recognized as lead / subject matter expert for PKI / HSM security-related technologies. May participate in training of new Associates on CareFirst PKI / HSM technologies and operating procedures.  Facilitates communication between all key IT groups and the customer community on PKI / HSM security-related items.
  • Good knowledge in Cloud concepts, Architecture, Administration and Cloud security primarily related to Azure & O365.



  • College Degree in an Information Security or Technology related field or equivalent experience and 6 - 8 years related experience. 
  • The incumbent will possess an extensive knowledge of information security concepts, information security policies and system architecture concepts. 
  • In-depth knowledge and proven experience working with PKI / HSM solutions. The incumbent should have a demonstrated ability to work independently and effectively with PKI / HSM information security tools in a large, complex, multi-platform environment.


  • Excellent written, presentation and verbal communication skills.
  • Ability to coordinate projects and tasks in line with department and company goals and objectives.
  • Ability to self-direct and work independently.
  • Possess good working knowledge and understanding of Microsoft Certificate Services, SSL certificates, PKI, credential stores such as Microsoft Active Directory and IBM Directory Server environments and their related security capabilities and functions.
  • Knowledge of CyberArk and related PIM technologies desirable.
  • Strong analytical / problem solving skills.
  • Good understanding of basic networking concepts, firewalls and load balancers.



  • Ability to readily understand and apply appropriate policies and procedures.
  • Good working knowledge of security related regulations.
  • Excellent Knowledge with Public key infrastructure.
  • Strong authentication / multi-factor authentication technologies skills.
  • Data Protection.
  • This position will require twenty-four by seven support responsibilities. Incumbents will need to travel among CareFirst’s corporate locations.


Department: Identity Engineering & Development.

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 12/13/2020.

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

Learn more about Information Technology