
Application Security Engineer - Hybrid

Blue Cross Blue Shield of Arizona

Job Description

Posted on: March 3, 2025

Summary and company overview

Summary

Awarded a Healthiest Employer, Blue Cross Blue Shield of Arizona aims to fulfill its mission to inspire health and make it easy. AZ Blue offers a variety of health insurance products and services to meet the diverse needs of individuals, families, and small and large businesses as well as providing information and tools to help individuals make better health decisions.

At AZ Blue, we have a hybrid workforce strategy, called Workability, that offers flexibility with how and where employees work. Our positions are classified as hybrid, onsite or remote. While the majority of our employees are hybrid, the following classifications drive our current minimum onsite requirements:

  • Hybrid People Leaders: must reside in AZ, required to be onsite at least once per week
  • Hybrid Individual Contributors: must reside in AZ, unless otherwise cited within this posting, required to be onsite at least once per month
  • Onsite: daily onsite requirement based on the essential functions of the job
  • Remote: not held to onsite requirements, however, leadership can request presence onsite for business reasons including but not limited to staff meetings, one-on-ones, training, and team building

Please note that onsite requirements may change in the future based on business need and job responsibilities. Most employees should expect onsite requirements of at least once per month.

This position is hybrid within the state of AZ only. This hybrid work opportunity requires residency, and work to be performed, within the State of Arizona.

Responsibilities

  • Perform ongoing security vulnerability assessments and application pen tests, including identifying, assessing, and driving remediation of application vulnerabilities.
  • Develop security improvements for the company’s websites and backend applications and serve as a SME on website and application-related projects.
  • Research and recommend emerging security technologies/tools to address current and future threats and create and maintain documentation as it relates to security designs/configuration, processes, and requirements.
  • Participate in security incident response processes.
  • Mentor development teams on the use of secure coding practices and evangelize secure software development practices and processes throughout the SDLC.

Application security

  • Participate in the building, automation, and operation of automated security review capabilities across multiple technology stacks and languages throughout the SDLC.
  • Coordinate security code reviews, application vulnerability testing, and penetration testing, and train the engineering team on best practices in application security throughout the SDLC.
  • Drive assessment of applications to identify and prioritize risks, driving prioritization and remediation across application development teams.
  • Be an expert on vulnerabilities and attack vectors that have the potential to impact BCBSAZ systems.
  • Proactively identify and implement products and tools to ensure security of our applications, collaborating with all areas of IT to harden our environment.

Strategy

  • Participate in developing technical strategy; apply and promote security technology that optimizes the portfolio of technologies, tools, products, and applications.
  • Work with IT leaders and subject matter experts to use technology to improve overall corporate security posture.
  • Deliver assessment services, develop business cases, design solution architecture, and recommend multi-phased, complex migration programs that address application security.

Project Management

  • Develop timelines, work estimates, cost projections, and manage projects related to application security initiatives to approved guidelines; review and consult on design and technical approach of projects to ensure consistency.

OTHER

  • The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements.
  • Position may require evening, weekend, or on-call schedules, depending on project requirements and/or system status.
  • Perform all other duties as assigned.

Job Requirements

Required Qualifications:

Required Work Experience

  • 8 years of experience with application design and development.
  • 3 years as an application security engineer analyzing application modules to enhance application security.

Required Education

  • Bachelor’s degree in business, information technology, computer systems, or related field

Required Licenses

  • N/A

Required Certifications

  • N/A

Preferred Qualifications:

Preferred Work Experience

  • 10 years of experience with application design and development.
  • 5 years as an application security engineer analyzing application modules to enhance application security.
  • Proven experience with web pen testing and application vulnerability assessments

Preferred Education

  • Master’s degree in business, computer science or related field

Preferred Licenses

  • CISSP, CEH and/or CSSLP Certifications

Preferred Certifications

  • Technical certifications in software and systems design and development

Additional commentary

Our Commitment

AZ Blue does not discriminate in hiring or employment on the basis of race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected group.

Thank you for your interest in Blue Cross Blue Shield of Arizona. For more information on our company, see azblue.com. If interested in this position, please apply.
