Applications Security Engineer

CareFirst |  Washington, DC, United States | Dev / Eng



Reporting to the Manager, IT Security, the Senior Information Security Specialist is accountable for a variety of tasks and deliverables, as listed below.

Support existing information security applications and infrastructure components. Work and collaborate with other teams in the enterprise, or with customers (internal and external), on resolving access issues related to security functions, such as authentication, authorization, password management, account locks, user management, SSO/Federation, Role and Privilege assignments, etc.

Work with the project managers to define realistic timelines for production issue resolutions. Troubleshoot issues across multiple applications and systems. Persist in fixing issues and supporting deployments during the maintenance window (around midnight).

Apply creative thinking in problem solving and actively identifying opportunities for system improvements.

Develop code, scripts, and configuration/deployment instructions to implement designs and follow the instructions of Lead team members. Use best practices and patterns to ensure delivery of an enterprise grade solution that is scalable, extensible, and configurable. Use SQL optimization techniques, parallel processing techniques, asynchronous transactions, and other enterprise grade patterns.

Perform thorough unit testing, code validation, and troubleshooting. Work with other technical teams in the organization such as Data Architecture, Portal and Integration.

Work with the project managers to define realistic timelines for solution delivery. Deliver solutions in a timely manner and according to the agreed upon schedule.

May use any of the following skills sets including: IBM TIM administration and workflow development, TAM administration and configuration, TFIM administration and configuration, LDAP, Unix, Active Directory, Java, EJB, JSP, JDBC, JMS, Kerberos, PKI, XML, WSDL, Web Services, Ant, Spring Framework.

Participate in brainstorming sessions for interpreting technical requirements into security solutions and designs that are consistent with the current information security architecture. Create detailed documents using UML and similar diagramming methods, to be shared within and outside the team. Documents include code commenting, descriptions of interfaces, and instructions for deployments and configurations.

This position is also subject to being “on call” for emergency situations requiring immediate resolution.


Required Experience, Skills, and Abilities: This position requires a BA/BS in computer science or related IT field or equivalent experience and at least 5 years of related experience of which at least 3 years must be in IT Security.  In addition:

• Solid knowledge of information security systems including Access Management, Identity Management, LDAP, Role Based Access Control, HTTP Headers and Cookies, Encryption, SSL, Certificates, etc.
• Experienced in Web Services code development and testing, Object Oriented Design and coding methods, agile development, deployment scripting with tools like ANT or Perl, TDI scripting, and logging methods.
• Experienced in programming for relational databases, including SQL for DML, DDL and Queries.
• Familiar with communications protocols such as HTTP, TCP/IP, JMS, SSL, etc.
• Experienced with large and complex systems and the use of Software Development Lifecycle Methodology.
• Knowledgeable in secure coding standards and security patterns for application and data level security.
• Must be a fast learner with a commitment to personal growth in the domain of Information Security.
• Must have experience researching and introducing new technologies.
• Experience in coaching and mentoring other associates as well as leading small teams of peers.
• Strong oral and written communications abilities are necessary, as are excellent interpersonal skills for customer interfacing.
• Strong analytical and organizational skills.
• Skilled in Microsoft Office suite: Outlook, Word, Excel, PowerPoint.


  • MS in Computer Science
  • Experience with some or all of the following:  Unix, Linux, AIX, WebSphere and Tomcat administration and tuning, web services security, web application firewalls, intrusion prevention systems, API management, JIRA, Kanban, Artifactory, IBM TIM administration and workflow development, TAM administration and configuration, TFIM administration and configuration, LDAP,  Active Directory, Java, EJB, JSP, JDBC, JMS, Kerberos, PKI, XML, WSDL, Web Services, Ant, and Spring Framework.
  • Application development experience with disassemblers/decompilers/debuggers
  • Integrating Static, Dynamic and Interactive Application Security Testing into CI/CD build and deploy pipelines including securing source and artifact repositories to mitigate use of insecure code and implementing risk mitigation connected to use of 3rd Party / Open Source Libraries
  • Building Application Security KPI Dashboards
  • Securing Source and Artifact Repositories which mitigate use of insecure code
  • Implementing risk mitigation connected to use of 3rd Party / Open Source Libraries
  • Prescribing Application Security Requirements to development teams

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply:

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

Health & Wellness Benefits
  • Dental
  • Disability Insurance
  • Health Insurance
  • Life Insurance
  • Onsite Gym
  • Vision
  • Wellness Programs
Parental Benefits
  • Family Medical Leave
  • Generous Parental Leave
  • Mother Rooms
Perks & Discounts
  • Casual Dress
  • Special Discounts
Professional Development
  • Online Trainings
  • Tuition Reimbursement
Retirement & Stock Options Benefits
  • 401K
Vacation & Time Off Benefits
  • Generous PTO
  • Paid Holidays

Describe the culture at CareFirst.

The culture is one of continuous learning. We are working to create tomorrow’s health plan — one that puts the service and security of our members first. Member security drives every decision we make as a company. We’re always looking at how and where we can improve our digital infrastructure. We’re open to creativity.


What are some of the ways you empower employees to make a difference at CareFirst? 

We believe that each of us has an opportunity to make a difference in our roles and the community.

For the past two years, the company has held an enterprise-wide event to advance diversity, equity and inclusion in our workplace and communities called the Week of Equity and Action. Through this, CareFirst associates participate in virtual trainings and community activations that reaffirm the company’s commitment to empathy, understanding, diversity, inclusion, equity and belonging. In 2019, associates collectively volunteered more than 10,000 hours of time with and for more than 30 non-profit organizations. This included assembling more than 5,000 personal hygiene care kits for individuals experiencing homelessness and packing nearly 14,000 infant bundles and 345,000 diapers for families in need. This year, due to COVID-19 restrictions, the Week of Equity and Action included 38 virtual workshops hosted by associates and external speakers; opportunities for associates to share their talents through skills-based volunteering sessions with 70 non-profit organizations; and strategic partnerships with minority, women, Veteran and/or LGBTQ-owned businesses in the community.

CareFirst has taken intentional steps to encourage associates to continue conversations and action around diversity, equity and inclusion, including increased trainings and resources, leadership coaching, the launch of a Diversity, Equity and Inclusion Council, and increased internal and external communications to ensure associates feel supported in the workplace.


What qualities do you look for in tech job candidates?

Overall, we look for people who want to be part of something bigger than themselves. Individuals with a service mindset and a community focus, as well as the requisite technical skills and expertise.


How has hiring been affected since COVID-19?

We’re happy to say that hiring has been business as usual. We’ve onboarded 800 people since March 2020.

For 2021, we aim to grow our tech workforce by 15%, with a focus on developers in cyber security, data science, UX and EPMO, as well as technical and non-technical project and product managers for next gen government programs.
