Lead Cyber Security Analyst (Hybrid)

Job Category: Technology and IT
Job Type: Full Time
Job Location: USA

Company Overview
At CareFirst, our name reflects our commitment. We’re honored to serve more than 3.5 million individuals who trust us with their healthcare needs, and we take that responsibility to heart.

Our vision is straightforward: healthcare should be high-quality, affordable, accessible, and simple to navigate—for everyone. We strive to build a system we would want for ourselves and our loved ones.

Each day, we make a positive impact in the communities where we live and work. With a strong sense of empathy and urgency, we tackle real challenges, simplify complexity, and deliver personalized solutions. We lead with innovation and purpose—always looking for better ways to serve those who depend on us.

Key Responsibilities

  • Lead comprehensive assessments of systems and networks to identify vulnerabilities, detect intrusions, and verify secure configurations.

  • Develop and document methodologies to evaluate cybersecurity indicators, aligning with current policies and threat intelligence.

  • Design technical solutions that support network protection, endpoint security, access management, auditing, and log management.

  • Resolve complex technical issues by analyzing system behavior and applying cybersecurity best practices.

  • Act promptly to prevent network disruptions and restore affected systems and communications platforms.

  • Collaborate with the broader security community to acquire and apply current cyber threat intelligence.

  • Continuously research emerging threats and mitigation strategies to enhance overall defense posture.

  • Lead initiatives to detect and report daily security incidents in line with organizational strategy.

  • Contribute to the development and refinement of cybersecurity quality assurance policies.


Qualifications

Education:

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.

  • In lieu of a degree, an additional four years of relevant work experience is required.

Experience:

  • Minimum of 8 years of related experience OR a recognized cybersecurity certification with 5 years of relevant experience.

Preferred Education:

  • Advanced degree in cybersecurity, IT, or a closely related field.


Preferred Certifications

  • CISSP – Certified Information Systems Security Professional

  • CISM – Certified Information Security Manager

  • CRISC – Risk and Information Systems Control

  • CISA – Certified Information Systems Auditor

  • GIAC – SANS GIAC certifications (various)

  • CASP – CompTIA Advanced Security Practitioner

  • CompTIA Security+

  • AWS Certifications (relevant to cloud security)


Desired Knowledge and Experience

  • Hands-on experience with regulatory and cybersecurity frameworks:
    NIST 800-53/800-171, NIST CSF, FedRAMP, HITRUST, HIPAA, GDPR, CCPA, ISO 27001, CMMC, COBIT, CIS Top 20, CSA CCM, FAIR.

  • Skilled in authoring System Security Plans (SSPs) and understanding compliance mandates.

  • Familiar with various tools and technologies:
    SIEMs, IDS/IPS, firewalls, WAFs, SAST/DAST/IAST scanners, SOAR, EDR/XDR, NAC, CASB, PKI, HSMs, secure email, CSPM/CNAPP, AWS security tools (Macie, GuardDuty, Security Hub).

  • Experience conducting and managing risk assessments, audits, risk exception processes, and working with internal/external auditors.

  • Familiarity with SIG, SOC 2 Type II, and vendor risk assessments.

  • Expertise in evaluating cybersecurity posture and collaborating with stakeholders to close security gaps.

  • Strong grasp of change management, application security, data governance, and secure network architecture.

  • Knowledge of GRC/ITRM platforms and security risk registers.

  • Skilled in writing and reviewing security documentation, standards, and policies.

  • Excellent communication skills with the ability to engage stakeholders at all levels.

  • Demonstrated success in supporting security risk initiatives, business process analysis, and metric-driven evaluations.

  • Experience with both Agile and Waterfall SDLC methodologies.

  • Proficient with Microsoft Office Suite: Word, Excel, Project, Visio.

  • Strong understanding of data modeling and cloud security (AWS/Azure).

  • Industry knowledge of healthcare insurance, especially Blue Cross Blue Shield plans.


Key Competencies and Skills

  • Ability to manage complex tasks independently and prioritize effectively.

  • Communicates complex technical concepts to both technical and nontechnical audiences.

  • Strong understanding of cybersecurity risk management and firewall/network architecture.

  • Committed to delivering high-quality service in dynamic, deadline-driven environments.

  • Proven ability to remain flexible and responsive to changing organizational needs.

  • Dedicated to providing exceptional customer service across a range of stakeholder interactions.


Salary Range

$107,136 – $212,784
Note: Compensation is dependent on a variety of factors, including experience, education, internal equity, and location. Most hires will not start at the top of the range. This position is also eligible for comprehensive benefits, incentive plans, and 401(k) programs, subject to eligibility.


Department

Security Governance and Reporting


Employment Policy

CareFirst BlueCross BlueShield is proud to be an Equal Opportunity Employer. We ensure all qualified applicants are considered without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, veteran status, or genetic information.


Additional Requirements

Federal Disclosure:
Candidates must immediately disclose any conditions (e.g., debarment or exclusion) that may disqualify them from working on federally funded healthcare programs.

Physical Requirements:
This role is primarily sedentary with occasional walking or standing. The role requires regular hand use for typing and writing, frequent verbal communication, and occasional lifting of items up to 25 lbs.

Work Authorization:
Candidates must be authorized to work in the U.S. without sponsorship.
