Application Security Architect - Blue Cross Blue Shield Association Washington D.C., USA and Chicago Bookmark Share Print 615 1 8

Listing Description

Secure all AD OPS applications, services and related infrastructure in both cloud and on premise environment through analyzing existing security structures, creating new and enhanced security methods. Also drive cultural change geared towards security across the AD-Ops team while ensuring adoption and compliance of the required security standards across AD OPS teams.

Provide hands-on engineering support for Vulnerability Scanning, Sensitive data scanning, security audits, risk analysis, threat simulations to detect possible risks, penetration testing for security compliance.

Train and support developers, analysts, testers and other personnel engaged in product delivery to the appropriate level of software security knowledge to perform their responsibilities.

Provide security consulting including design, reviews and recommendations for various AD Ops Project initiatives and help develop a strong Security Design and help to get it approved by Information Security.Required Basic Qualifications:

MS or BS degree in Computer Science, Information Technology or equivalent experience required

10+ years of experience in various security domains including security engineering, Software Applications Security and Infrastructure security with hands-on coding experience, with a desired 3+ years in a relevant cloud development, automation, and orchestration

5+ years of hands-on experience supporting SAST and DAST in an enterprise environment

Experience in the design and implementation of enterprise-wide security controls to secure applications, systems, network, or infrastructure services.

Experience working in a cloud/IaaS environment – AWS is strongly preferred

Subject matter expertise in web application security and Mobile Application Security

Experience translating business and security requirements into proper policies that can be coded and tested via automation

Expert knowledge of Agile approaches to software development and able to put key Agile and DevSecOps principles into practice to deliver solutions incrementally

Experience with workflow, publishing, analytics, portal, mobile, big data, cloud and other leading-edge technologies and respective security concepts

Knowledge of unique security risks and capabilities with IaaS, PaaS, and SaaS

Experience working with complex network topologies

Experience working in a cloud/IaaS environment – AWS is strongly preferred

Experience working with virtualization software such as VMWare and Open Stack

Experience working with security tools likes WhiteSource, Contrast

Experience with enterprise monitoring and logging solutions such as AppDynamics, Zabbix and Splunk

Has knowledge sharing approach to train counterparts and achieve scale. Ability to write security policies as code

Configuration Management tools such as Ansible

Test and build systems such as Jenkins, Maven, Ant

Must have a solid understanding of cloud systems — not only how they operate, but how to deploy them securely, efficiently, and with little-to-no downtime

Linux, Unix, and Windows operating systems proficiency

Preferred Basic Qualifications:

MBA or MS degree

Ability to present to top management, corporate committees, and workgroups and to communicate information security and risk management concepts

Demonstrated ability making operational decisions, monitoring progress and reporting results

Technology Experience Preferred: Java and the J2EE Environment, strong UNIX administration skills, scripting and automation experience, strong understanding of cryptographic algorithms and principles, strong understanding of networking fundamentals, addressing, TCP/IP, protocol and network analysis

Certified Information Systems Security Professional (CISSP )

Certified Secure Software Lifecycle Professional (CSSLP)

AWS Certified Security – Specialty

Equal Opportunity Employer

Blue Cross Blue Shield Association is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, disability, veteran status, genetic information or any other legally protected characteristics