CareFirst Careers

Senior Cyber Security Specialist

Responsibilities & Qualifications

Under the supervision of the Manager, Cyber Operations, the incumbent’s accountabilities include, but are not limited to the following:

  • Perform security event monitoring and triage using relevant security technologies such as security information and event management (SIEM) and security orchestration and automated response (SOAR), in a SOC/CIRT environment
  • Perform in-depth analysis on security events, intrusion detection, malware analysis, threat hunting and all phases of security investigations and incident response using a wide range of security platforms and utilizing industry best practice processes
  • Support and deploy systems, information security applications and hardware, and infrastructure components to protect the security of CareFirst information. 
  • Provide appropriate training to other security specialists and external customers on developed standards, procedures and guidelines.
  • Implement necessary enhancements/updates/upgrades to existing security products.
  • Assist in the configuration and installation of security products. Where possible, suggest and implement ways to automate manual operational activities.
  • Represent Information Security in disaster recovery procedures and exercises.
  • Test and report on new technologies, and report security concerns through the creation of security vulnerability assessments.
  • Serve as senior technical information security coordinator/project lead and as a contributor to cross functional teams for deployment and support of security specific infrastructure to provide information security to the enterprise.
  • Provide support and guidance to a technically diverse team of junior-level security specialists.
  • Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure
  • Perform security governance through the design and implementation of security policies, procedures, guidelines and standards to maintain the confidentiality, integrity and availability of information systems and data.

Apply technology and processes to ensure the enterprise is protected and secured in the following areas:
• Identity and access management
• Provide data protection (through the use of technologies such as whole disk encryption, end-to-end e-mail security, public and private key management, data leakage prevention, web applications and source code security, database security, etc.)
• Network devices and infrastructure, desktop/mobile devices and remote access to the network
• Information governance to ensure data is managed based on its sensitivity.
• Information governance through information security policies, guidelines, and standards
• Perform day-to-day maintenance and address issues and problems associated with security tools.
• Provide general support to the Information Security department in carrying out its assigned functions and responsibilities.
• Provide off-hours support and problem resolution as directed by departmental requirements, service level agreements and internal support procedures.
• Provide assistance with audit issues and concerns affecting the Information Security department
• Interact with other Technical and Operation Support Service teams to develop tactical and strategic programs to address processes, controls, organization and infrastructure to manage information security related concerns and satisfy directives.


• Properly interpret business and technical requirements into security solutions and designs that are consistent with the current information security architecture. 
• Implement and assist in enforcement of company security policies.
• Document results of system and application reviews including corrective action taken and security related documentation.
• Assist with reviews of current and new CareFirst systems and applications, including changes to existing applications/systems, to assure compliance with Information Security policies and standards.
• Apply creative thinking in problem solving and identifying opportunities for improvements in security.
• Utilize IDS/IPS systems, SIEM (Security Information and Event Management) tools and network scanners to review, assess, and document incidents and vulnerabilities to improve security.
• Provide Information Security related recommendations regarding CareFirst infrastructure components (communications network, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability)

Work with intra/interdepartmental technical and business personnel in a dynamic and varying environment. 
• Collaborate with other Information Security specialists, designers, developers, and architects. 
• Work with other technical teams in the organization such as IT Operations and IT Applications. 
• Share ideas, discuss alternatives, and seek input.  Suggest means to decrease vulnerability of systems, applications and processes.
• Maintain familiarity with state-of-the-art concepts, procedures, software and techniques in Information Security in order to effectively assess and develop the CareFirst Information Security environment.

SUPERVISORY RESPONSIBILITY: This position has no direct reports, but does serve in a senior capacity for more junior Cyber Security Specialists.


Required: College degree in an Information Security or Technology related field or equivalent experience plus 3 - 6 years related work experience. The incumbent will possess a high level of expertise in information security concepts, information security policies and system architecture concepts and have experience in process definition, workflow design, and process mapping. In-depth understanding of multiple areas of Information Security such as networking (TCP/IP, OSI model, network protocols), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, switches, routers, IPsec, IDS/IPS, etc.), voice technologies (session border controllers, MPLS, VoIP, etc.), authentication technologies (TACACS, RADIUS, etc.), wireless architectures, encryption key management, and mobile device technologies. Also, must have knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance. The incumbent must also have an ability to quickly and effectively learn Information Security tools in a large, complex multi-platform environment.


• Successful candidate must be a motivated self-starter with a highly inquisitive and analytic mindset.
• Relevant cybersecurity subject matter expertise – especially in information security, network security, security event triage, intrusion analysis, malware, computer networking TCP/IP, and anomalous behavior.
• Experience as a security operations center (SOC) analyst
• Experience and skills in: continuous monitoring, information security alerting, security event triage, intrusion analysis, threat trends, malware, and anomalous behavior.
• Demonstrated experience with security information and event management (SIEM), security orchestration and automated response (SOAR), and other security technologies
• Experience in, or willingness to quickly learn, at least one security tool type such as IDS/IPS, network access control, firewall, anti-malware, etc.
• Attention to detail and excellent analytical and problem-solving skills.
• Advanced written and verbal communication skills.
• Excellent organizational skills and ability to set priorities and handle multiple projects concurrently.
• Excellent analytical and problem solving skills
• Teamwork and collaboration skills are critical. This is not a position for someone who prefers to work alone.
• This position requires a bachelor’s degree in Cyber Security, Information Technology, Computer Science, Business or relevant work experience in application security analysis, systems analysis and/or testing background and experience with direct Business Analyst experience.
• Excellent interpersonal skills including the ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests.
• Must demonstrate understanding of industry standard security best practices
• Excellent knowledge of MS Office tool set – MS Word, MS Excel, MS Project and MS Visio.

Preferred:
• Security Certification.
• Passion for Cyber Security
• Hands on experience with some or all: NetFlow and full packet capture technology, Intrusion Detection Systems (IDS), firewalls, AV, and other similar network security tools
• Experience with healthcare insurance industry, especially BCBS plans.
• Effective presentation, negotiation and influencing skills to interface with all levels of management and to facilitate large meetings across the CareFirst organization. Advanced written and verbal communication skills are critical.

• Specific knowledge of the CareFirst / FEPOC corporate structure.
• An understanding of the relationships among various units within the corporation.
• Ability to understand and apply appropriate policies and procedures.
• Knowledge of ethical hacking techniques and counter attack methodologies.
• Familiarity with security tools such as wireless and network scanning applications, vulnerability assessment applications and concepts, IDS/IPS and other appropriate security related tools and capabilities.
• Experience working with Information Security tools in a large, complex, multi-platform environment.

• Understands data analysis and modelling
• Strong understanding of managed care principles, claims processing guidelines, Member contracts and Provider Agreements.

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.



Department: CyberOps

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Closing Date

Please apply before: 4/17/21

Federal Disc/Physical Demand



The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
