PURPOSE:

Develops and implements security solutions. Administers security technology systems by architecting and engineering/developing trusted systems into secure systems. Assists in the development of implementation and deployment plans that are aligned to the organizational strategic plan objectives and security requirements. Advises management in developing cybersecurity policies, processes, and procedures.

ESSENTIAL FUNCTIONS: Provides day-to-day leadership to engineers overseeing the support of security solutions.

Works with architects and project managers to provide security requirements.

Mentors, educates, and coaches engineers and leaders across the organization on cybersecurity solutions.

Answers complex questions about the installation, operation, configuration, and customization of cybersecurity solutions.

Identifies and resolves potential conflicts with the implementation of any cybersecurity tools.

Reviews and analyzes appropriate solution system logs for performance and functional anomalies.

Develops information systems security action plans, evaluates information security products, and performs other activities necessary to secure the organization's network.

SUPERVISORY RESPONSIBILITY: This position has no direct reports, however, may informally lead teams in a matrix environment.

QUALIFICATIONS:

Education Level: Bachelor's Degree in Computer Science, Information Technology, or related field OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience. Licenses/Certifications: Splunk Certified Developer Splunk Enterprise Security Certified AdminCISSP Certified Information Systems Security Professional Upon Hire Required OR  Certified Ethical Hacker (CEH) Upon Hire Required OR CompTIA Security+ Certification Required OR CompTIA Network+ Certification required Experience: 10 years relevant IT security experience

Preferred Qualifications: Advanced degree Knowledge, Skills and Abilities (KSAs) Responsible for creating Splunk ES (Enterprise Security) Security Information and Event Management (SIEM) content to monitor and detect potential threats to the enterprise. Responsible for SIEM content management, content creation, rule tuning, reporting and alert creation. Integration of signals and telemtry from various security tools including COTS and Cloud-native (AWS, GCP, Azure). Work with Splunk engineers to onboard and normalize new data sources ensuring CIM compliance. Significant experience with threat detection and threat hunting workflows. Significant experience with Incident Response procedures. Significant experience in security data analytics. Significant experience with data models - existing Splunk data models as well as, creation and tuning of data models from the ground up. Experience with Splunk Machine Learning Toolkit (MLTK). Will work closely with the CyberSecurity Monitoring and Automation teams to develop requirements and implement detections. Develop complex dashboards and visualizations. Develop alerting and notification. Experience with a variety of scripting languages such as CSS, HTML, JavaScript, Python, PowerShell and shell scripting to automate tasks and manipulate data. Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging. Department Department: Equal Employment Opportunity CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.