Lead Cyber Security Analyst (Threat Intelligence and Incident Response)

Full Time

Job Description

Resp & Qualifications


CareFirst, Inc., and its affiliated companies, generally referred to as CareFirst BlueCross BlueShield (CareFirst), is the Mid-Atlantic region’s largest private sector health insurer, serving the healthcare needs of 3.5 million members in Maryland, the District of Columbia, and portions of northern Virginia. The Company offers a comprehensive portfolio of products and services to individuals and groups, as well as state and federal government sponsored plans. With a market share almost three times that of the closest competitor, the company commands 45 percent penetration across the region.

In July 2018, Brian D. Pieninck assumed the role of President and CEO after serving as the company’s COO of Strategic Business Units and IT Division. Under his leadership, the organization completed an extensive review of its operations and clinical programs, resulting in an expansive 3-year strategy to grow and diversify the company’s core business. Along with a 5-year vision to drive the transformation of the healthcare experience across the continuum of its members, partners, and communities, the company has placed a renewed and intentional focus on fostering a mission-based culture, which drives every decision the company makes. The organization employs over 5,600 full-time employees in Maryland, Northern Virginia, the District of Columbia, and West Virginia. CareFirst has earned multiple workplace awards recognizing its leadership in diversity and inclusion, wellness engagement, and creation of a supportive and equitable work environment for all employees.

At CareFirst, you are part of an inspired, collaborative team that is building the healthcare experience we want for our families and our future. Every day, we make a meaningful difference in the communities where we live and work.

We practice empathy, seek to understand, invest in inclusion, demand equity and nurture belonging every day for our employees and the communities we serve. We rely on the rich diversity of our employees’ experiences and backgrounds to achieve our mission. Every year we host a Week of Equity and Action where we deepen our investment and commitment to diversity, equity, and inclusion. During this week thousands of employees engage in workshops and volunteerism with the goal of bettering themselves and our community.
  • Women make up around 70% of CareFirst’s employee population, and over 50% identify as BIPOC (Black, Indigenous, and people of color).
  • We have 9 resource groups that connect employees over shared identities (LGBTQ, veteran status, race, etc.) and passions (climate change, healthy living, leadership development).
  • Employees are encouraged to give back and volunteer in their communities with their civic engagement hours.

As a not-for-profit, CareFirst regularly ranks among the most philanthropic organizations with $65 million invested in the community in 2020 to improve overall health, and increase the accessibility, affordability, safety, and quality of healthcare throughout its market area. The company’s employees consistently add to this impact by devoting thousands of volunteer hours to numerous community organizations and social causes. The company’s continued efforts to reinvest in community health care programs has repeatedly earned CareFirst regional accolades as a leading corporate philanthropist, including the No. 2 and No. 7 spots on the Baltimore Business Journal and Washington Business Journal’s 2019 list of top corporate givers, respectively.

To ensure the organization's data remains protected from inappropriate access, disclosure and/or damage. To advocate for and execute the processes and practices of the Cybersecurity team while supporting business and customer needs.

  • Leads the team in regular assessments of network and system security for intrusion detection, vulnerability, and security configurations.
  • Develops procedures for assessing indicators using the research of cybersecurity policies, indicators, and protocols.
  • Designs technical solutions for network protection, endpoint security, access control, auditing, and log management. Uses technical expertise to resolve and identify issues through the analysis of technical problems.
  • Prevents network damage and restores computers and electronic communication systems.
  • Collaborates with the security community to obtain technical cyber threat intelligence. Researches emerging information security threats, vulnerabilities, and their countermeasures.
  • Leads the implementation of strategies for the detection and reporting of day-to-day security incidents.
  • Participates in the development of quality assurance policies.

Position does not have direct reports but is expected to assist in guiding and mentoring less experienced staff. May lead a team of matrixed resources.


Education Level: Bachelor's Degree inComputer Science, Cyber Security, Information Technology, or related field OR inlieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.

Licenses/Certifications Upon Hire Preferred:
  • GCFA - GIAC Certified Forensic Analyst ORGNFA - GIAC Network Forensic Analyst ORGCIH - GIAC Certified Incident Handler ORGCTI - GIAC Cyber Threat Intelligence ORGOSI - GIAC Open Source Intelligence OR
  • CISSP Certified Information Systems Security Professional ORCertified Ethical Hacker(CEH)

Experience: 8 years relevant information security experience.

Preferred Qualifications:
Advanced degree

Knowledge, Skills and Abilities (KSAs)
  • Perform proactive threat hunting across the environment utilizing large datasets including, but not limited to SIEM, packet captures, network-based anomaly technologies, etc.
  • Development and tuning of complex detection queries to identify anomalous network or host-based activity.
  • Experience with Threat Modeling Methodologies - Pyramid of Pain, STRIDE, PASTA, etc.
  • Increase fidelity of signals and eliminate false positives.
  • Incident response
    • Determine scope of malicious activity
    • Asses impact of event
    • Recommend remediation activities to contain and eliminate advanced threats
    • Engage with external incident reponse personnel to provide context
  • Advanced knowledge of Splunk SPL is required.
  • Coordinate response actions across multiple security domains to counter advesarial activity.
  • Must be proficient in one or more scripting languages, preferably Python or PowerShell.
  • Ability to manage multiple tasks and deliverables with minimal supervision.
  • Ability to explain technical information to technical and nontechnical personnel.
  • Knowledge of cyber security related risk management techniques.
  • Knowledge of network architecture and firewall security.
  • Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service.
  • Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.


Department:InfoSec Cybersecurity Operatio

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of theCompany to provide equal employment opportunities to allqualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply: www.carefirst.com/careers

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

Dice Id : 10233586
Position Id : 16983-1A
Originally Posted : 2 months ago
Have a Job? Post it

Similar Positions

Lead Cyber Security Operations Analyst
  • CareFirst
  • Owings Mills, MD, USA
Lead Cyber Security Engineer
  • CareFirst
  • Owings Mills, MD, USA
Lead Cyber Security Engineer
  • CareFirst
  • Owings Mills, MD, USA
Lead Cyber Security Analyst
  • CareFirst
  • Owings Mills, MD, USA
Manager, Cyber Security
  • CareFirst
  • Owings Mills, MD, USA
Manager, Domain Architecture
  • CareFirst
  • Owings Mills, MD, USA
Senior Cyber Security Analyst
  • CareFirst
  • Owings Mills, MD, USA
Technical Analyst - PPM Solutions
  • CareFirst
  • Owings Mills, MD, USA
Senior BI Developer/Analyst
  • CareFirst
  • Owings Mills, MD, USA