We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results

Application Security Engineer

Blue Cross Blue Shield of Arizona
United States, Arizona, Phoenix
2444 W Las Palmaritas Dr (Show on map)
Nov 13, 2024

Awarded a Healthiest Employer, Blue Cross Blue Shield of Arizona aims to fulfill its mission to inspire health and make it easy.AZ Blue offersa variety of health insurance products and services to meet the diverse needs of individuals, families, and small and large businesses as well as providing information and tools to help individuals make better health decisions.

We are hiring for a future start date of 1/1/2025.

This position is hybrid within the state of AZ only. This hybrid work opportunity requires residency, and work to be performed, within the State of Arizona.

PURPOSE OF THE JOB
  • Performs ongoing security vulnerability assessments and application pen tests, including identifying, assessing, and driving remediation of application vulnerabilities. Develops security improvements for the company's websites and backend applications and serve as a SME on website and application-related projects. Researches and recommends emerging security technologies/tools to address current and future threats and creates and maintains documentation as it relates to security designs/configuration, processes, and requirements. Participate in security incident response processes. Mentors' development teams on use of secure coding practices and evangelize secure software development practices and processes throughout the SDLC.

REQUIRED QUALIFICATIONS

Required Work Experience

  • 8 years of experience with application design and development.
  • 3 years as application security engineer analyzing the application modules for enhancing the application security.

Required Education

  • Bachelor's degree in business, information technology, computer systems, or related field

Required Licenses

  • N/A

Required Certifications

  • N/A

PREFERRED QUALIFICATIONS

Preferred Work Experience

  • 10 years of experience with application design and development.
  • 5 years as application security engineer analyzing the application modules for enhancing the application security.
  • Proven experience with web pen testing and application vulnerability assessments

Preferred Education

  • Master's degree in business, computer science or related field

Preferred Licenses

  • CISSP, CEH and/or CSSLP Certifications

Preferred Certifications

  • Technical certifications in software and systems design and development
ESSENTIAL JOB FUNCTIONS AND RESPONSIBILITIES

Application security

  • Participate in the building, automation, and operation automated security review capabilities across multiple technology stacks and languages throughout the SDLC
  • Coordinate security code reviews, application vulnerability testing, and penetration testing, and train engineering team on best practices in application security throughout the SDLC.
  • Drive assessment of applications to identify and prioritize risks, driving prioritization and remediation across application development teams.
  • Be an expert on vulnerabilities and attack vectors that have the potential to impact to BCBSAZ systems
  • Proactively identify and implement products and tools to ensure security of our applications, collaborating with all areas of IT to harden our environment

Strategy

  • Participate in developing technical strategy; apply and promote security technology that optimizes the portfolio of technologies, tools, products, and applications.
  • Work IT leaders and subject matter experts to use technology to improve overall corporate security posture.
  • Deliver assessment services, develop business cases, design solution architecture, and recommend multi-phased, complex migration programs that address application security.

Project Management

  • Develop timelines, work estimates, cost projections, and manage projects related to application security initiative to approved guidelines; review and consult on design and technical approach of projects to ensure consistency.

OTHER

  • The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements.
  • Position may require evening, weekend, or on-call schedules, depending on project requirements and/or system status.
  • Perform all other duties as assigned.

REQUIRED COMPETENCIES

Required Job Skills

  • Deep .NET and Java knowledge, certified developer or expert-level knowledge with .NET and Java and related technologies with security tools.
  • Expert knowledge application security technologies and authentication protocols.
  • Excellent communication skills to document and explain security vulnerabilities and technical risks to a technical audience and business audience.
  • Intermediate skill in use of office equipment, including copiers, fax machines, scanner and telephones
  • Detailed technical knowledge of techniques, standards and state-of-the art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
  • Strong experience in System Architecture, Design, Development and integration and deployment of multi-tier mission critical application systems
  • Knowledge and demonstrated experience designing multi-tier, highly available, multi-threaded, and scalable architectures
  • Demonstrated application of architectures and designs that employ design patterns
  • Highly developed oral and written communication skills as well as presentation skills. Interest in all aspects of application security research and development
  • Familiarity with fundamentals of software configuration management, automated build processes, and source code control systems.
  • Strong database background and experience with Oracle or MS SQL Server.
  • Experience in developing, deploying REST API or SOAP based Web Services for application integration services.
  • Experience with PKI, Hardware Cryptographic Modules
  • Expert technical skills related to analysis and design techniques for batch, real-time, and online systems
  • Advanced knowledge and experience with application technologies implemented within delivery organization
  • Advanced skill in computer system validation including SOP development, implementation and adherence
  • Advanced Knowledge of hardware, software, telecommunications, operating systems, and applications. .
  • Experience working with high volume, transactional, large capacity systems in a 24x7 environment.
  • Experience and knowledge of Agile practices.

Required Professional Competencies

  • Ability to take appropriate risks, using available data.
  • Ability to build synergy with a diverse team in an ever-changing environment
  • Anticipate downstream technical needs and steer architectural designs to appropriately factor in considerations.
  • Strong analytical skills to support independent and effective decisions.
  • Strong verbal and written communications skills and the ability to interact professionally with a diverse group of executives, managers, and subject matter experts.
  • Highly skilled at designing and implementing multiple tier architecture solutions, developing high-performance and secure systems and system integration
  • Work effectively with management, project managers, business analysts, developers, engineers, architects, system administrators, and QA to conceive, design, and deliver successful software solutions.
  • Able to operate at varying levels of abstraction including business and product strategy, design, and implementation

Required Leadership Experience and Competencies

  • Provide leadership, promote teamwork, meet objectives and exercise independent judgment
  • Experience leading and implementing projects and working collaboratively with other departments levels
  • Ability to prioritize tasks and work with multiple priorities, sometimes under limited time constraints.

PREFERRED COMPETENCIES

Preferred Job Skills

  • Knowledge of HIPAA security and privacy standards.

Preferred Professional Competencies

  • N/A

Preferred Leadership Experience and Competencies

  • N/A

Our Commitment

AZ Blue does not discriminate in hiring or employment on the basis of race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected group.

Thank you for your interest in Blue Cross Blue Shield of Arizona. For more information on our company, see azblue.com. If interested in this position, please apply.

Applied = 0

(web-5584d87848-9vqxv)