Cloud Security Engineer I-III

Blue Cross Blue Shield of Arizona is a local, independent Blue Cross Blue Shield Association and a not-for-profit health insurance company headquartered in Phoenix. Founded in 1939, the company has more than 1,800 dedicated employees throughout its Phoenix, Tucson, Chandler and Flagstaff offices. Providing health insurance products, services and networks to more than 1 million Arizonans, Blue Cross Blue Shield of Arizona offers various health plans for individuals, families, and small and large businesses. Blue Cross Blue Shield of Arizona also offers Medicare supplement plans to individuals over age 65.

Blue Cross Blue Shield of Arizona helps to fulfill its mission of improving the quality of life of Arizonans by delivering a variety of health insurance products and services to meet the diverse needs of individuals, families, and small and large businesses as well as providing information and tools to help individuals make better health decisions.

• Level 1 Cloud Security Engineer I (grades 30 - 31)
• Level 2 Cloud Security Engineer II (grade 32)

• Level 3 Cloud Security Engineer III (grade 33)
• Level 4 Cloud Security Engineer IV (grade 34 - 35)

• Implement the company's cloud controls, tools, and processes. This includes developing solutions to secure business technologies proof of concept evaluation, implementation, collaborating on strategy and roadmaps, developing infrastructure diagrams and designs, and providing security governance. Cloud Security Engineers work with cross functional teams including Infrastructure, Operations, Business, and Application Development. Additionally, Cloud Engineers act as consultants to the organization and need to stay up-to-date on the latest trends and issues.
• Assess and design security guard rails to allow development of company projects and initiatives allowing forward movement both quickly and securely. Keep current on emerging cloud security technologies and controls.
• Strive to ensure new technology solutions are designed for optimal security, user experience and availability while meeting SLAs, regulatory compliance ( PCI, HIPAA, ISO, NIST or HITRUST) and leveraging existing technologies where possible. Understands system-wide impacts to address security gaps and move toward future state architecture to support growth, optimization and innovation.

REQUIRED QUALIFICATIONS

Required Work Experience

• 5 years of systems engineering or networking engineering experience
• 1 year of experience leading cultural change for cloud adoption, developing and coordinating cloud architecture, and developing a cloud strategy and coordinating the adoption process.

Required Education

• High-School Diploma or GED in general field of study

Required Licenses

• N/A

Required Certifications

• N/A

PREFERRED QUALIFICATIONS

Preferred Work Experience

• 10 years of systems engineering or networking engineering experience
• 5 years dedicated security experience
• 3 years of Cloud Security Preferably Azure
• 3 years Leading cultural change for cloud adoption, developing and coordinating cloud architecture, and developing a cloud strategy and coordinating the adoption process.5 years of experience implementing and securing public, private and hybrid cloud technologies.
• 1 year of experience securing IaaS, PaaS, and SaaS solutions including O365
• 1 year of experience with security automation and orchestration such as Terraform, scripting, deploying Infrastructure as code, GIT, and DevSecOps.
• 1 year of experience with project management and architecture.
• 1 year of experience interfacing with executive level management.
• 1 year of experience with securing containerization. i.e. AKS, Docker, server less computing.
• 1 year of experience establishing process and procedures regarding cloud technologies.
• 3 years dedicated security experience
• 1 year of Cloud Security Preferably Azure

Preferred Education

• Bachelors degree in Computer Science, Information Systems, or related field

Preferred Licenses

• N/A

Preferred Certifications

• Level 1 - 1 of the preferred cloud security certifications
• Level 2 - 2 of the preferred cloud security certifications
• Level 3 - CISSP and 3 additional security certifications
• Level 4 - CISSP and 4 additional security certifications
  • Microsoft Azure Solutions Architect
  • Microsoft Azure Security Engineer Associate
  • AWS Solutions Architect
  • AWS Certified Security
  • Cloud Security Alliance (CCSK)
  • ISC2 Certified Information Systems Security Professional (CISSP)
  • ISC2 Certified Cloud Security Professional (CCSP)
  • CCNA Cloud
  • CCNP Cloud
  • Certified Ethical Hacker (CEH)

Level 1 - Performs job functions under close supervision or peer review

• Evaluate and optimize existing security tools and systems to maximize investments, drive efficiency, and automate actions for the security teams.
• Identify gaps in security coverage and make appropriate recommendations to fill the gaps.
• Assist in the deployment of system enhancements.

Level 2 - Performs job functions with general supervision

• Collaborate on standards and policies for cloud IaaS and PaaS service adoption, providing clarity for enabling compliant and secure Cloud solutions that meet project and initiative milestones.
• Educate and influence others in order to gain buy-in on proposed solutions.
• Collaborate well with peers and team members in the areas of technical skills and competencies.
• Monitor the compliance to standards, policies, and procedures.
• Prepares system security reports by collecting, analyzing, and summarizing data and trends.

Level 3 - Performs job functions with minimal supervision

• Participate in research and development efforts (proofs of concept, prototypes), as subject matter expert, when introducing new technologies
• Educate and influence others in order to gain buy-in on proposed solutions.
• Keep current and informed of cloud technologies and best practices.
• Plans and implements security systems ensuring that the proper preventive, detective, and reactive controls are implemented to meet security requirements.
• Assess business process, technology and information architecture at logical, system and component levels to understand the risk posture, apply critical thinking, and determine the security models and design. Deliver recommendations to continuously improve the security posture of the organization.
• Evaluate business strategies, requirements, and initiatives and derive appropriate security requirements
• Act as mentor to junior members of the team.
• Assist in Developing and conducting cloud security training programs.
• Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
• Ensures all personnel have access to the IT system limited by need and role.

Level 4 - Performs job functions in a lead capacity

• Serve as a subject matter expert on cloud security issues and questions.
• Collaborate in the Cloud Center of Excellence agenda and follow up; acting as the cloud subject matter expert.
• Develop and implement cloud solutions that are designed for HIPAA and other regulatory compliance such as PCI, NIST or HITRUST, optimal access and usefulness, and leverage existing technologies when possible.
• Keep current and informed of cloud technologies and best practices.
• Provide leadership and knowledge during all cloud adoption activities.

ALL LEVELS

• Each progressive level includes the ability to perform the essential functions of any lower levels and mentor employees in those levels.
• The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements.
• Keep current and informed of cloud technologies and best practices.
• Maintain and peruse additional cloud security certifications as part of continuing education required by the position
• Perform all other duties as assigned.
• Participate in on-call rotation.

REQUIRED COMPETENCIES

Required Job Skills

• Advanced knowledge of IAM and PAM.
• Knowledge and experience of Cloud IaaS and PaaS solutions
• Knowledge and experience of Microsoft Windows and Linux Operating Systems
• Knowledge and experience of containerization solutions such as Docker, Azure AKS or other Kubernetes platforms
• Knowledge of automation for implementing Infrastructure as Code and Agile pipelines using solutions such as VMWare vRealize, Terraform, Chef, Puppet, Ansible or Powershell.
• Knowledge and experience of network concepts including routing and firewall controls
• Knowledge and experience of identity, SSO and access controls
• Knowledge and experience of security controls, CIS Top 20, OWASP Top 10.
• Knowledge and experience of cloud security principals, architectures, and best practices
• Knowledge and experience of security concepts like authentication, authorization, perimeter security, access control, least privledge, confidentiality, and integrity.
• Experience in the deployment and ongoing support of a wide variety of security systems.
• Experience working with and managing third parties.
• Experience with a wide variety of network and infrastructure security tools and systems.
• Knowledge and experience of network security systems, authentication mechanisms, threats, and controls (levels 3 and 4).

Required Professional Competencies (Applies to All Levels)

• Ability to utilize analytical skills, take appropriate risks, while dealing with ambiguity and make effective decisions using available data.
• Ability to be approachable, develop peer relationships and build synergy with a diverse team in an ever-changing environment
• Anticipate downstream technical needs and steer architectural designs to appropriately factor in considerations.
• Analytical skills to support independent and effective decisions.
• Ability to be customer focused with verbal and written communications skills and the ability to interact professionally with a diverse group of executives, managers, and subject matter experts.
• Be driven for results and work effectively with management, project managers, business analysts, developers, engineers, architects, system administrators, and QA to conceive, design, and deliver successful solutions.
• Work with all levels of management and functional areas in BCBSAZ and understand the potential implications of system changes to those areas.
• Ability to be self-aware and emotionally intelligent, able to give and receive constructive feedback and continue self-development.

Required Leadership Experience and Competencies

• Speak to C-level executives about Security designs and ongoing projects
• Ability to prioritize tasks and work with multiple priorities, sometimes under limited time contstraints. (Applies to Levels 2 - 4)
• Ability to provide mentoring and peer review to team members (Applies to Levels 3 and 4)
• Provide leadership, promote teamwork, meet objectives and exercise independent judgment (Applies to Level 4)
• Ability to build synergy with a diverse team in an ever-changing environment (Applies to Level 4)

PREFERRED COMPETENCIES

Preferred Job Skills

• Expert knowledge designing highly redundant, scalable, multi-tier enterprise transaction processing systems from front end to back end.
• Expert knowledge and experience with a variety of governance standards and frameworks
• Expert knowledge and experience in deploying and supporting a variety of cloud security concepts (SaaS, PaaS, IaaS) and mobile architectures
• Experience with automation for implementing Infrastructure as Code and Agile (CI/CD) pipelines using solutions such as VMWare vRealize, Terraform, Chef, Puppet, Ansible or PowerShell.
• Experience with containerization solutions such as Docker, Azure AKS or other Kubernetes platforms
• Expert knowledge of HIPAA, ISO, NIST, HITRUST security and privacy standards.
• In depth knowledge of healthcare and health plan data structures and business processes and workflows.
• Demonstrated thorough understanding of modern enterprise infrastructure and cloud solutions, hands-on experience with Infrastructure hypervisor, compute and storage platforms.
• Knowledge of Security, Application Development, Infrastructure and Operations.
• Knowledge of network security systems, authentication mechanisms, threats, and controls (levels 1 and 2).
• Knowledge of modern authentication, multi-factor technologies, implementation and appropriate use cases.
• Knowledge of security concepts like authentication, authorization, perimeter security, access control, least privledge, confidentiality, and integrity (levels 1 and 2).
• Knowledge of encryption, key management, and appropriate use cases
• Knowledge of implementing IT strategy, enterprise architectures and security architectures
• Knowledge of third party auditing and cloud risk assessment methodologies

Preferred Professional Competencies (Applies to All Levels)

• Strong analytical skills to support independent and effective decisions
• Ability to prioritize tasks and work with multiple priorities, sometimes under limited time constraints.
• Perseverance in the face of resistance or setbacks.
• Able to operate at highly varying levels of abstraction including business strategy, product strategy, technical design and implementation.
• Strong project management and delivery skills

Preferred Leadership Experience and Competencies (Applies to All Levels)

• Experience implementing projects and working collaboratively with other departments levels.
• Demonstrated ability to lead and deliver multiple large initiatives at a time.
• Present to executive leadership about designs and ongoing projects.

Our Commitment

BCBSAZ does not discriminate in hiring or employment on the basis of race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected group.

Thank You

Thank you for your interest in Blue Cross Blue Shield of Arizona. For more information on our company, see azblue.com. If interested in this position, please apply.