A Security Engineer III strives to enforce security best practices, policies, standards and guidance to ensure the safeguard of BCBST’s proprietary data, physical infrastructure and resources from internal and external threats. The Security Engineer III is required to maintain an extensive understanding of services provided by BCBST and to develop relationships throughout the organization to assist Information Security in accomplishing its goals for the company.
Job Duties & Responsibilities
Perform certain activities that assure management that information assets are both protected and managed and end users are held accountable for their actions on various systems at Blue Cross Blue Shield of Tennessee.
Coordinate analysis, recommendation and implementation of information security projects to assure new or revised systems are implemented with adequate consideration to information security. This includes controlling project time frames and target dates, conducting project status meetings with team members and providing status reports to applicable management.
Implement security operations management of operating systems, security applications or network infrastructure components to provide security configurations, controls for user account access, monitoring of services, centralized logging, network connectivity, job scheduling execution and routine maintenance through the use of administrative tools and methodologies
Increase the corporation’s level of assurance in the integrity, confidentiality and availability of corporate information assets.
Identify, implement, and maintain information security initiatives through research and analysis of new technology.
Review the results from auditing of applications, operating systems and networks to provide a measurable technical assessment that includes interviewing staff personnel, performing security vulnerability scans, reviewing access controls or analyzing physical access to ensure availability, confidentiality and integrity to help the organization meet internal and external regulatory compliance.
Demonstrate advanced security knowledge and experience on technologies and methodologies as it relates to operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing, vulnerability assessments, intrusion management and operations management to assist the Information Security Operations team with effective research, data gathering, analysis, metrics reporting and communications.
Serve as an internal consultant to BCBST management, I/S systems staff and end users regarding information security measures, standards and best practices.
Provide guidance using specialized knowledge and toolsets to operational teams during enterprise wide crisis scenarios, e.g. large-scale production service outages, outside of the routine change management process.
Recommend changes in policies, standards, and procedures to support effective security measures.
Provide after-hours support for security issues on a 24x7 basis.
BS Degree in Computer Science or a related field, or equivalent years of experience is required. Equivalent years of experience are determined as one year of technical experience for every year of college requested.
Minimum of 5 years experience in Information Security field required.
Administration of, or specialization in, one or more major processing platforms including Mainframe (RACF), AIX & HP/UX (eTrust Access Control), Intel (Windows native/DRA), network devices.
Administration of, or specialization in, one or more major processing applications including PeopleSoft (highly preferred), Facets, Filenet, Verint, CareAdance, Q System, HPSM
Will be able to analyze the processes and procedures of the access control efforts in the change management and system development life cycles.
Ability to effectively communicate both verbally and written
Understanding of Security Methodologies in IT Security and IT Audit highly preferred
Windows / Linux / Unix operating systems
Common knowledge of the ITIL Framework
Common knowledge of firewalls, proxies, mail servers and web servers
Experience with operational support for operating systems, applications and networks
Common knowledge of Virtual Private Networking
Common knowledge of malicious code (worms, viruses, spyware, etc.)
Common knowledge of relational databases and structured query language
BlueCross BlueShield of Tennessee - 20 months ago
BlueCross BlueShield of Tennessee (BCBST) is the oldest and largest not-for-profit managed care provider in the state of Tennessee....