Agile Modeling, Analysis Skills, Applications Security, Artificial Intelligence (AI), Backlog Prioritization, Best Practices, Code Reviews, Computer Security, Continuous Deployment/Delivery, Continuous Integration, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, ISSAP - Information Systems Security Architecture Professional, Information/Data Security (InfoSec), PCI-DSS, Presentation/Verbal Skills, Regulations, Risk Management, Security Consulting, Security Monitoring, Software Development Lifecycle (SDLC), Threat Modeling, Unit Test, Writing Skills
Your Role
The Application Security team reports to the Director of Information Security and is responsible for driving continual risk reduction across application services. This role partners closely with development teams, providing security oversight at each stage of the Software Development Lifecycle while enabling the business to operate securely at scale.
Your Knowledge and Experience
- Bachelor''s degree or equivalent experience
- Requires 7 years prior relevant experience with at least 2 years working in Application Security
- Deep, demonstrated understanding of Application Security paradigms and common risks (i.e. OWASP Top Ten)
- Strong understanding of Agile delivery models and backlog management
- Ability to manage multiple complex workstreams and successfully interact with all levels of management
- Experience with regulatory certifications such as HIPAA, SOC2, PCI-DSS and FedRAMP
- Excellent verbal / written communication, collaboration, analytical and presentation skills
- Experience with AI/ML concepts and tools desired
- Preferred experience working within the Healthcare industry
- CISSP-ISSAP certification preferred
Hybrid
This role requires employees to be in - office based on our hybrid workplace model, balancing purposeful in - person collaboration with flexibility. For most teams, this means coming into the office two days each week.
Employees living more than 50 miles from an office location will work with their manager to determine in-office time based on business need.
#LI-CP4
Your Work
In this role, you will:
Evaluate new solution proposals and provide security requirements
Perform STRIDE based threat modeling
Complete secure source code reviews
Create and review CICD layer security unit tests
Administer our bug bounty program
Coach security champions in our partnering teams
Provide general security consulting
Create and leverage AI solutions for streamlining your work
Drive continual maturation of our Application Security program, consistent with proven industry best practices and maturity models.
Your Work
In this role, you will:
Evaluate new solution proposals and provide security requirements
Perform STRIDE based threat modeling
Complete secure source code reviews
Create and review CICD layer security unit tests
Administer our bug bounty program
Coach security champions in our partnering teams
Provide general security consulting
Create and leverage AI solutions for streamlining your work
Drive continual maturation of our Application Security program, consistent with proven industry best practices and maturity models.
B
Blue Cross and Blue Shield Association
At the Blue Cross and Blue Shield Association (BCBSA), we provide business strategy, technical support and consulting expertise to 36 Blue Cross and Blue Shield companies across the nation, employing more than 1,000 of the best strategic thinkers in the industry. We are a Brand manager that sets quality control standards for the 36 independent companies that use the Blue Cross and Blue Shield Brands, and we serve as a trade association that represents these Blue companies. It is through our involvement that the Blues companies share a united vision and strategy while also benefiting from the local strength of all member companies.
2,000 to 2,499 employees
https://www.bcbs.com/about-us/careers