Senior Cyber Security Analyst

Full Time

Job Description

Resp & Qualifications


CareFirst, Inc., and its affiliated companies, generally referred to as CareFirst BlueCross BlueShield (CareFirst), is the Mid-Atlantic region’s largest private sector health insurer, serving the healthcare needs of 3.5 million members in Maryland, the District of Columbia, and portions of northern Virginia. The Company offers a comprehensive portfolio of products and services to individuals and groups, as well as state and federal government sponsored plans. With a market share almost three times that of the closest competitor, the company commands 45 percent penetration across the region.

In July 2018, Brian D. Pieninck assumed the role of President and CEO after serving as the company’s COO of Strategic Business Units and IT Division. Under his leadership, the organization completed an extensive review of its operations and clinical programs, resulting in an expansive 3-year strategy to grow and diversify the company’s core business. Along with a 5-year vision to drive the transformation of the healthcare experience across the continuum of its members, partners, and communities, the company has placed a renewed and intentional focus on fostering a mission-based culture, which drives every decision the company makes. The organization employs over 5,600 full-time employees in Maryland, Northern Virginia, the District of Columbia, and West Virginia. CareFirst has earned multiple workplace awards recognizing its leadership in diversity and inclusion, wellness engagement, and creation of a supportive and equitable work environment for all employees.

At CareFirst, you are part of an inspired, collaborative team that is building the healthcare experience we want for our families and our future. Every day, we make a meaningful difference in the communities where we live and work.

We practice empathy, seek to understand, invest in inclusion, demand equity and nurture belonging every day for our employees and the communities we serve. We rely on the rich diversity of our employees’ experiences and backgrounds to achieve our mission. Every year we host a Week of Equity and Action where we deepen our investment and commitment to diversity, equity, and inclusion. During this week thousands of employees engage in workshops and volunteerism with the goal of bettering themselves and our community.
  • Women make up around 70% of CareFirst’s employee population, and over 50% identify as BIPOC (Black, Indigenous, and people of color).
  • We have 9 resource groups that connect employees over shared identities (LGBTQ, veteran status, race, etc.) and passions (climate change, healthy living, leadership development).
  • Employees are encouraged to give back and volunteer in their communities with their civic engagement hours.

As a not-for-profit, CareFirst regularly ranks among the most philanthropic organizations with $65 million invested in the community in 2020 to improve overall health, and increase the accessibility, affordability, safety, and quality of healthcare throughout its market area. The company’s employees consistently add to this impact by devoting thousands of volunteer hours to numerous community organizations and social causes. The company’s continued efforts to reinvest in community health care programs has repeatedly earned CareFirst regional accolades as a leading corporate philanthropist, including the No. 2 and No. 7 spots on the Baltimore Business Journal and Washington Business Journal’s 2019 list of top corporate givers, respectively.


The Senior CyberSecurity Specialist leads security event monitoring and correlation within the Cybersecurity Operations Center. The selected candidate should have proven experience and the ability to leverage computer network defense (CND) analyst toolsets to detect and respond to Cyber security incidents. This role conducts research and documents threats and their behavior; provides recommendations for threat mitigation strategies; employs effective web, email, and telephonic communications to clearly manage security incident response procedures; and performs routine event reporting including trend reporting and analysis.

ESSENTIAL FUNCTIONS: Under the direction of the Manager, CyberSecurity Monitoring, Digital Forensics and Incident Response, the incumbent is responsible for, but is not limited to, the following:

Duties and Responsibilities:
  • Dedicated monitoring and analysis of CyberSecurity events.
  • Audit and review system reports and security logs for unauthorized access, noncompliant activity, or access misuse.
  • Monitor and escalate incoming security requests and events of interest from different external and internal sources.
  • Develop use-cases for monitoring various aspects of security infrastructure and applications.
  • Clearly and accurately document observations. Process incident communications to include initial reporting, follow-ups, requests for information and resolution activity.
  • Follow standard operating procedures for detecting, classifying, and reporting incidents.
  • Triage (determine scope, severity, and priority) of offenses and events in Security Information and Event Management (SIEM) tool or within other security monitoring tools directly.
  • Research vulnerabilities in applications and systems. Provide recommendations for resolution and track remediation activities.
  • Traffic analysis (at the packet level) and reconstruction of network traffic to discover anomalies, trends, and patterns affecting the customer's networks
  • Monitor mailboxes to detect and analyze phishing attacks as well as any suspicious outbound messages.
  • Analyze firewall logs, Full Packet Capture (PCAP), IDS alerts, Anti-malware alerts, Host Intrusion Prevent System (HIPS), and server and application logs to investigate events and incidents for anomalous activity and produce reports of findings.

Position does not have direct reports but is expected to assist in guiding and mentoring less experienced staff. May lead a team of matrixed resources.


Required Education and Experience: Degree or equivalent experience: BA/BS in Information Technology, CyberSecurity, Networking, Security, MIS, Computer Science or related field.

  • Minimum 5 years of demonstrated work experience. (Additional experience may be required).
  • Specialized training (preferred, but not required): Transitioning, maintaining, or using security technologies such as Security Incident and Event Management (SIEM), Endpoint protection, Data Loss Prevention, Forensic tools, Network Anomaly Detection, Packet Capture Analysis; Incident response principles or related technical domain that is applied in the context of a broader understanding of CSIRT and related systems and processes.

Licenses/Certifications:Certification requirements (preferred, but not required):
  • GCIA (GIAC Certified Intrusion Analyst).
  • GCIH (GIAC Certified Incident Handler) Or the ability to obtain one certification within 6 months.

Required Skills and Abilities:
  • Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to effectively communicate.
  • Incumbent must have a firm understanding of Information and/or CyberSecurity principles. Must be able to adapt quickly to understand rapidly changing threat landscape to correctly scope and prioritize security events. The incumbent must also be able to achieve certification across multiple domains such as incident handling, web application security, etc.

Required skills:
  • Ability to analyze security events and threats.
  • Ability to document clearly and concisely the investigative, containment and resolution process for each event.
  • Perform event triage to include scoping, urgency, and potential impact, identification of the exposure and recommendations for remediation.
  • Lead investigation and remediation processes with stakeholders, technical and non-technical.
  • Experience configuring, monitoring, and responding to alerts from EDR tools.
  • Experience with analyzing large data sets and log files to find correlations and anomalies.
  • Working knowledge of multiple operating systems and system administration skills.
  • Strong knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, etc.
  • Experience with security monitoring and reporting tools and conducting security investigations of incidents and events.
  • Ability to utilize native cloud security tools to design and implement continuous monitoring solutions.
  • Advanced knowledge and use of Splunk to create complex queries for event investigations.
  • In depth understanding of MS Defender for M365 security, Defender for Endpoint, Defender for Cloud, etc.
  • Advanced knowledge and use of Linux.

  • Cloud Security Detection and Response.
  • SOAR/Automation technology.
  • Experience with scripting, automation and/or programming: Python, PowerShell, Ansible, other orchestration tools, or equivalent.


Department:InfoSec - CyberSecurity

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of theCompany to provide equal employment opportunities to allqualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

Dice Id : 10233586
Position Id : 16560-1A
Originally Posted : 4 months ago
Have a Job? Post it

Similar Positions

Lead Cyber Security Analyst
  • CareFirst
  • Owings Mills, MD, USA
Cybersecurity Intelligence Fusion Analyst
  • Zachary Piper Solutions, LLC
  • Fort Meade, MD, USA
Cyber Security Fusion Analyst
  • Leidos
  • Fort Meade, MD, USA
Lead Cyber Security Operations Analyst
  • CareFirst
  • Owings Mills, MD, USA
Jr. - Sr. Cyber Security Watch Officers
  • Zachary Piper Solutions, LLC
  • Fort Meade, MD, USA
Mid-Senior Cyber Security Analyst TS/SCI Polygraph
  • Zachary Piper Solutions, LLC
  • Springfield, VA, USA
Cybersecurity Analyst- Secret Cleared
  • Data Systems Analysts Inc. (DSA)
  • Aberdeen, MD, USA