About Blue Cross
At Blue Cross, we understand the importance of finding a job that you truly enjoy — at a company that shares your values. We’ve made it easy to feel good about working at Blue Cross by encouraging volunteerism, valuing diversity and offering the flexibility you need to live a balanced life. We offer a suite of comprehensive medical and dental benefits as well as competitive pay, flexible work schedules and generous personal paid time off in addition to 20 hours of volunteer paid time off each year. We look forward to serving Minnesotans over the next 80 years and beyond. Join us and make a healthy difference through the work you do every day.
Blue Cross and Blue Shield of Minnesota is one of the most recognized and trusted health care brands in the world with 2.9 million members. We’re committed to reinventing health care to improve health for our members and the community. We hope you'll join us.
How Is This Role Important to Our Work?
In this position you will have an opportunity to work in an enterprise cloud environment that respects and appreciates concepts like Infrastructure as Code, mature CICD pipelines, architecture and design documentation, but balances our ability to deliver and secure systems for the enterprise. This means you’ll be part of a team that strives to have mature capabilities but is also hands on building new solutions. The ideal candidate will have significant experience in a variety of IT or security systems, but more recently has had exposure with building or securing systems in AWS. This position will give you an opportunity to learn a lot and share your knowledge with others. Ultimately, this candidate will need to have a strong desire to tackle challenging problems and work as part of a team to deliver solutions.
The Security Engineer Senior is responsible for the execution of standards and guidelines that support and secure the design of technology solutions including implementing solutions requiring integration of multiple platforms, operating systems, servers, and applications across the enterprise. Performs analysis and evaluation of customer technical and analytical requirements to align them with security best practices and requirements. Plans, develops, tests and documents systems and provides follow up to ensure success and security of the environment. Responsible as an advanced technical resource in one or more critical services or technologies and applies comprehensive knowledge in one or more areas. May function in a Lead role.
A Day in the Life:
- Conducts detailed analysis and study of customer requirements for new or existing projects to determine feasibility, cost and time required, and compatibility with current systems and hardware capabilities.
- Develops and documents the framework for integration and implementation for changes to technical standards.
- Develops moderate to highly complex infrastructure interactions to ensure the security, stability, recoverability, and access to systems and information.
- Advises on enterprise-wide infrastructure systems growth requirements, capabilities, and constraints to ensure the long-term functionality and operation standards.
- Participates in the RFP process to evaluate and select vendor solutions.
- Oversees and evaluates the work of contractors and vendors to ensure quality services.
- Participates in or leads cross-functional initiatives on the development and implementation of enterprise-wide major installations, upgrades and process changes.
- May have accountability for project execution and resource allocation.
- Facilitates knowledge sharing by creating and maintaining detailed, comprehensive documentation and diagrams.
- Provides technical guidance or mentorship to others as appropriate.
- Tracks industry trends and maintains knowledge of new technologies to better serve the enterprise architecture needs.
- Performs systems support activities and may include required participation in an on-call rotation for support of systems outside of normal business hours.
- Participates in structured cross-functional processes including architecture, change, risk, resiliency, incident, problem, CMDB, and asset management.
- Assists manager in facilitating goal accomplishment by providing work direction to assigned employees and by monitoring the status of work on a daily basis.
- Clarifies roles and responsibilities of assigned employees based on direction from the manager.
- Provides coaching or mentoring as requested or deemed appropriate based on direction of the manager.
- Assists manager in facilitating resource allocation to ensure appropriate staffing levels.
- Shares feedback with the manager as requested or deemed appropriate, and may make recommendations for performance reviews.
- May make recommendations to the manager for team and individual recognition.
- Performs day to day support activities for Identity and Access Management, security engineering, and cloud security architecture.
- Represents Information Security on IT and business sponsored projects to ensure the success of the project, while also ensuring information security standards are implemented.
- Partners with our DevOps engineers to mature and improve our CICD pipeline and building automation towards a DevSecOps environment.
- Works with a large number of AWS services supporting our front-end developers, back-end developers, and data analytics groups.
- Reviews new AWS services, evaluates potential security challenges, helps DevOps engineers develop Terraform to support our Infrastructure as Code environment.
- Helps design B2B integrations using APIs and OAUTH/OIDC.
Nice to Have:
- In-depth knowledge of BCBS computer methodologies.
- Advanced knowledge of multiple business areas.
- Technical Certification Participation in user groups (ACM, IEEE) or security certification (CISSP, CEH, GSEC, etc) or AWS Certification
Required Skills and Experiences:
- Bachelor’s degree preferably in Computer Science and 5 years of experience in the implementation of information engineering projects, systems analysis, design and programming, systems planning, and business information planning or 9 years of related experience in lieu of a degree.
- Advanced level knowledge of infrastructure design, implementation, administration, planning, and developing.
- Advanced level knowledge of technical, business, and industry.
- Very strong oral and written communication and presentation skills.
- Very strong human relations skills to effectively interact with leadership and management, peers, business partners and vendors.
- Highly skilled at systems, creative, critical, and analytical thinking, decision making and problem solving.
- Advanced or specialized understanding of the standards and deliverables to ensure integrity of the systems engineering process.
- Advanced level knowledge of internal area applications.
- Advanced level skills at hands-on communication, collaboration, and leadership.
- Highly skilled at influencing and motivating individuals and teams.
- Advanced level knowledge of at least one and basic knowledge of other core technologies such as: LDAP, SSL, SAML/OAUTH, RADIUS, RBAC, APIs, Networking, software deployment, programming or scripting languages
- Experience designing, building, architecting, or securing systems in public cloud platforms, preferably AWS.
- Experience integrating cyber security logging controls into an AWS environment using CloudTrail and/or CloudWatch
Security Engineer Sr.
Make a difference
Thank you for your interest in Blue Cross. Be part of a company that lets you be you — and make a healthy difference in people’s lives every day
Blue Cross is an Equal Opportunity and Affirmative Action employer that values diversity. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on race, color, creed, religion, sex, national origin, genetic information, marital status, status with regard to public assistance, disability, age, veteran status, sexual orientation, gender identity, or any other legally protected characteristic.
Blue Cross® and Blue Shield® of Minnesota and Blue Plus® are nonprofit independent licensees of the Blue Cross and Blue Shield Association.