Blue Cross and Blue Shield Association
Lead Security Engineer (Vulnerability Management)
Blue Cross and Blue Shield Association, Chicago, IL, United States
The hiring range for this role is: $150,000.00 - $180,000.00

This is the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the hiring range and this hiring range may also be modified in the future. A candidate’s position within the hiring range may be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, relevant experience, skills, seniority, performance, shift, travel requirements, and business or organizational needs. This job is also eligible for annual bonus incentive pay. We offer a comprehensive package of benefits including paid time off, 11 holidays, medical/dental/vision insurance, generous 401(k) matching, lifestyle spending account and many other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Job Description Summary

The Lead Security Engineer supporting the Vulnerability Management domain plays a vital role in safeguarding the organization's technology assets by developing and implementing a comprehensive program to identify, assess, and rectify vulnerabilities in both production and enterprise assets. This role ensures that identified security vulnerabilities are promptly addressed and requires a strong understanding of cybersecurity, risk management, compliance, and involves collaborating with cross-functional teams. This role is crucial in safeguarding systems and pushing the boundaries of vulnerability management.
This role brings technical expertise in Vulnerability Management to protect the organization’s information systems and data. This role's proficiency extends beyond technical expertise to include vulnerability management leadership in risk analysis, creating dashboards, visualization, and executive reporting. Additionally, this role needs to understand security controls and regulatory compliance frameworks such as NIST, ISO, HITRUST, and HIPAA.

Responsibilities include but are not limited to:
- Provide strategic and operational leadership in a specific security domain/program and manage multiple projects related to it.
- Cross-functionally partner with key stakeholders and other teams to enhance our overall security posture, align security efforts with business objectives and facilitate communication between technical and non-technical stakeholders.
- Generate roadmaps, drive operational excellence, optimize costs, and enhance security risk visibility.
- Establish frameworks for best practices, define OKRs and KPIs, and deliver reports on relevant metrics and compliance.
- Participate in domain-related incident response efforts as needed, maintain defined security architecture, and manage domain-specific security tools.

Required Education, Certifications and Experience
- High School Diploma/GED
- Bachelor’s degree in Computer Science, Information Technology, or related field or equivalent experience.
- Minimum 7 years of information security experience.
- Experience implementing risk remediation prioritization and collaboration with key stakeholders to understand risk drivers and remediation blockers.
- Experience building and maintaining a comprehensive domain-specific security program, developing policies and guidelines, collaborating cross-functionally, aggregating results, prioritizing data, and facilitating remediation plans where needed.
- Experience monitoring and tracking remediation efforts, staying abreast of emerging threats, and leading the design, implementation, and maintenance of domain-specific toolsets.
- Excellent communication skills.
- Excellent presentation skills that cater to technical and non-technical audiences.
- Strong analytical and problem-solving skills and ability to manage multiple projects successfully, ensuring timely and budget-friendly completion.
- Strong interpersonal skills, and the ability to influence and solve problems effectively.
- Solid understanding of HIPAA/HITRUST requirements, cloud-first security practices, and various security tools and technologies.
- Proficiency in scripting languages (preferably Python), API integrations, and process automation (for Vulnerability Management domain).

Preferred Education, Certifications and Experience
- Certified Information Systems Security Professional (CISSP)

People Management: No

Summary
Location: US IL Chicago E. Randolph
Type: Full time