Network Security Engineer

The hiring range for this role is:  

125,870.00 - 176,525.00

This is the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting.  We may ultimately pay more or less than the hiring range andthis hiringrange may also be modified in the future. A candidate’s position within the hiring range may be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, relevant experience, skills, seniority, performance, shift, travel requirements, and business or organizational needs. This job is also eligible for annual bonusincentivepay.

We offer a comprehensive package of benefits including paid time off, 11 holidays, medical/dental/vision insurance, generous 401(k) matching, lifestyle spending account and many other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Job Description Summary

The Network Security Engineer will design, develop, test, deploy and maintain services, features and functions that will enhance security posture and controls for enterprise networks. Ensure systems are up to date with latest security patches and implemented with operational resilience. This position will assist in performance improvement while ensuring security controls are in place protecting the network and data. This position requires collaboration with governance and architecture groups to design solutions that meet business and security requirements. Responsible for creating and maintaining a network security fabric that articulates the architectural vision, conceptualizing and experimenting with alternative technical approaches, creating models, components and interface specification documents and validating the architecture against requirements and assumptions. Accountable for developing a consistent framework for future BCBSA technology decisions. Provide senior level expertise related to decision-making and priorities for the enterprise network security. Responsible for ensuring necessary controls are part of technical designs to address the confidentiality, integrity, and availability (CIA) of IT systems and applications.

Responsibilities include but are not limited to:

Develops and maintains internal and external professional networks to track strategy, governance and organizational effectiveness trends and issues. Establish strategic relations with key technology vendors in order to influence changes in future product releases. Interacts with a wide range of technical and healthcare industry contacts.

Researches and benchmarks best practices and/or products in the area of security technology. Routinely gathers and assesses changing BCBSA business needs. Analyzes and modifies enterprise network security technology strategy. Analyzes how business processes interact with technology to create value for the business. Studies core technologies and infrastructure. Maintains knowledge of security technology, trends, and standards. Provides input to the content of Requests for Information / Proposal (RFI/P) around the BCBSA technology requirements and guiding principles. Conducts trend analyses to track emerging industry trends and technologies.

Creates network security engineering designs (BCBSA accepted technology products, configurations, standards, processes, policies, etc.) for utilizing technology assets in the company. Works with internal teams to set direction around network security for the organization. Assure that a workable, understandable and agreed upon approach for acquiring and utilizing technology is available and utilized. Seeks approval for designs from appropriate approval bodies. Evaluate/factor in the cost-benefit for each proposed design or changes to design. Design and lead the implementation of an enterprise-wide technical solutions based on architecture and enterprise business requirement needs. Facilitate the development of standardized procedures to provide a common process to integrate the deployment of new tools, techniques and technologies to existing IT processes. Influence the prioritization of initiatives outlined in the migration plan (what components to tackle first or trade-offs to make to progress toward the end state). Analyze current technology environment to detect critical deficiencies and recommends solutions for improvement.

Develop and document the principles and frameworks that guide the adoption and implementation of enterprise architecture decisions. Develop mechanisms to maintain and support the architecture process. Facilitate the development of enterprise governance in collaboration with business and technical leadership.

Present technical designs to appropriate architectural approval bodies. Obtain sign-off for designs. Develop, maintain and educate the corporation and facilitate adherence to enterprise architecture and standards. Accountable for increasing the company understanding of network security design, standards and associated procedures.

Provide engineering consultation to the organization and influences the architecture process, its outcome and ongoing results. Gain alignment and buy-in of architecture. Clarify understanding of standards. Build credibility with clients and technical staff through the delivery of sound business technical solutions. Consults with business and technology project staff to fit systems to architecture and identify when it is necessary to modify technical designs to accommodate project needs. Provide leadership for the development, maintenance, corporate education and adherence to enterprise technology architecture and standards on an enterprise-wide basis. Guide decision-making for selection, deployment, maintenance and retirement of technologies at BCBSA.

Perform agreed upon compliance activities such as quarterly firewall policy audits, remediation of audit findings, management and tracking of vulnerability finding, etc. Complete routine maintenance on security appliances and tools including firewall policy changes as requested by internal customers. Work with service provider to manage and monitor DDoS policy. Participates in troubleshooting activities as required and provides security reports as needed.

Lead/oversee the construction, implementation and maintenance during the life cycle of the solutions. Provide the technical leadership to developers, systems analysts and other IT technicians to ensure the successful delivery of the solution. Oversees technical implementation and modification activities. Serve in a compliance review for project designs and deliverables. Oversee the evaluation and selection of hardware and software product standards, and the design of standard configurations. Provide technical governance and support over the architectural design stages of projects. Provide recommendations of the enterprise strategy and architecture governance process. Evaluate the success of architecture designs as they are implemented. Evaluate strengths and flaws in architecture designs for continuous improvement.

Required Education, Certifications and Experience:

Education

• Bachelor’s Degree in a technical or business discipline or equivalent work experience in similar environment.

Certifications

• Professional certification in Network Security Administration and/or Network Engineering (CISSP, CCNA, CCDA, CCIE,) is preferred.

Experience

• Minimum 10 years of progressive, broad applied technical work experience doing technology configuration, deployment and systems integration.
• Experience with Palo Alto and Cisco firewalls, IDS/IPS, DLP, IP Filtering, DDoS, services, AlgoSec or other security policy management solution, VPN, Remote Access and other perimeter security technologies.
• Experience with designing and implementing layered network security defenses.
• Experience in creating, documenting and communicating architectural designs for a system comprised of many sub-components.
• Experience in creating, documenting and communicating architectural designs for a system comprised of many sub-components; experienced in consulting / negotiating formally and informally with others.

Skills

• Familiarity with Routers, Switches as well as experience with the following protocols (TCP/IP (v4 and v6), RIP, OSPF, EIGRP, BGP and HSRP) would be preferred.
• Proficiency in producing realistic and achievable deployment plans.
• Solid understanding of current and emerging technologies with advanced knowledge of one specific technology; solid understanding of operational business practices.
• Solid understanding of what health care companies are doing with respect to technology and practices is preferred.
• Good understanding of BCBSA business strategies is preferred.

People Management

No