Job Description

Blue Cross Blue Shield of Arizona is a local, independent Blue Cross Blue Shield Association and a not-for-profit health insurance company headquartered in Phoenix. Founded in 1939, the company has more than 1,800 dedicated employees throughout its Phoenix, Tucson, Chandler and Flagstaff offices. Providing health insurance products, services and networks to more than 1 million Arizonans, Blue Cross Blue Shield of Arizona offers various health plans for individuals, families, and small and large businesses. Blue Cross Blue Shield of Arizona also offers Medicare supplement plans to individuals over age 65.

Blue Cross Blue Shield of Arizona helps to fulfill its mission of improving the quality of life of Arizonans by delivering a variety of health insurance products and services to meet the diverse needs of individuals, families, and small and large businesses as well as providing information and tools to help individuals make better health decisions.

Purpose of the Job

The Information Security Engineer will participate in evaluating, developing, and implementing security tools, standards, procedures, and guidelines for multiple platforms and diverse systems environments. They will have the ability to learn and implement a variety of security technologies, such as vulnerability management, data leakage prevention, intrusion prevention, log management and security event management. This position will also require an individual who can work well with both technical and non-technical business partners.

Essential Job Functions and Responsibilities

Level 1 - Performs job functions under close supervision or peer review

  • Strong understanding of advanced information security concepts, best practices and procedures
  • Familiarity with general information security and auditing concepts such as encryption, access controls, and software security
  • Familiarity with general application issues including: cross-site scripting, injections, DDoS, and buffer overflows
  • Familiarity with applicable regulations such as PCI, HIPAA, and SOX
  • Familiarity with compliance frameworks such as NIST 800-30, NIST 800-53, NIST 800-66, SSAE 16 SOC 2, PCI DSS V3.2, SOX 404, ISO 27002
  • Investigate, document, and report any actual or potential information security violations, incidents, breaches or inappropriate computer use.
  • Evaluate security risk assessments of new systems and upgrades to determine impact to information security.
  • Participate in small-scale projects, including quality and corporate task teams
  • Monitor anti-virus and anti-malware systems, secure email notifications, and Internet access.
  • Maintain integrated security solutions (IDS, SIEM, DLP) and develop system security plans according to federal guidelines
  • Assist management with establishing, reviewing and maintaining BCBSAZ information security policies and procedures; participate in ensuring security compliance with agency regulatory requirements.
  • Obtain one preferred security certification in year 1 of employment.
  • Perform all other duties as assigned.


Level 2 - Performs job functions with general supervision

  • All level 1 job functions and possess one or more preferred security certifications
  • Acts as a technical information security reviewer of requirements statements, detailed designs, implementation plans, and other documents produced during the systems development process.
  • Ensure department leverages internal tools and applications to ensure document libraries and procedures are organized
  • Develop and perform “penetration” efforts to test network vulnerability to intrusion by hostile individuals or groups.
  • Participate in production roll outs and ensure systems are promoted securely.
  • Execute the Business Associate Risk Assessment (BARA) methodology.
  • Assess the production environment on an ongoing basis to ensure that it remains compliant with external regulations and BCBSAZ Information Security Policies and Standards
  • Weigh business needs against security concerns and articulate issues to management.
  • Provide subject matter expertise to business and project teams to define security policy and technical requirements
  • Assist workforce members with security related questions or problems.
  • Identify opportunities to improve procedures and processes that support the adoption of electronic capabilities
  • Participate or lead small to medium scoped projects
  • Participate in on-site business associate security assessments that may require international travel.
  • Educate workforce members on security practices through individual training, Intranet articles, etc.


Level 3 - Performs job functions with minimal supervision

  • All previous job functions and possess two or more preferred major security certifications
  • Act as a trusted adviser and security expert in providing risk monitoring and mitigation guidance in alignment with industry best practices and regulatory requirements.
  • Facilitate and/or create new procedures and processes that support advancing technologies or capabilities.
  • Interact and negotiate with vendors, outsourcers, and contractors to secure system-related products and services.
  • Evaluate high-level project information and assess project components to forecast work effort required
  • Provide peer-level review and mentoring to level 1 and 2
  • Participate and/or lead large- or complex-technical projects
  • Build, support, and maintain moderately complex Information Security processes, programs, and technologies
  • Manages and performs product evaluations, recommends and implements products/services for Information Security that support strategic operational needs and security requirements
  • Validates and tests security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies
  • Trains other team members on new security solutions and transitions ownership, where possible, upon successful implementation


Level 4 – Performs job functions in a lead capacity

  • All previous job functions and possess three or more preferred major security certifications
  • Facilitate and/or create new procedures and processes that support advancing technologies or capabilities
  • Evaluate high-level project information and assess project components to forecast work effort required
  • Provide peer-level review and mentoring to levels 1 and 2
  • Participate and/or lead large- or complex-technical security projects
  • Create complex ad-hoc reports for internal and external use
  • Act as primary security contact for internal and external customers when needed / in the absence of manager
  • Ensure Service Level Agreements between department and operational or technical areas are met
  • Lead, develop and mentor staff by providing opportunities for growth through delegation, training, and assignment to various project teams
  • Inform manager of any issues impacting the efficient and effective performance of the department including system, resource, and informational barriers; Provide timely feedback to team member on performance
  • Serve as primary Information Security contact for internal / external customers when needed or in absence of Manager
  • Assist the manager in the day-to-day operations of the department


  • Each progressive level includes the ability to perform the essential functions of any lower levels and mentor employees in those levels.
  • The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements.
  • Perform all other duties as assigned.
  • Participate in on-call rotation

BCBSAZ does not discriminate in hiring or employment on the basis of race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected group.

Skills / Requirements

Required Work Experience

  • Experience in information technology or computer systems: 2 years (Level 1), 4 years (Level 2), 6 years (Level 3), 8 years (Level 4)
  • Experience in information security and/or network security: 2 years (Level 2), 3 years (Level 3), 5 years (Level 4)
  • Experience in project management: 1 year (Level 3), 3 years (Level 4)
  • Supervisory or lead experience: 2 years (Level 4)


Required Education

Preferred Work Experience

  • 10 years of experience in computer technology and/or information systems (All Levels)
  • 10 years of experience in information security (All Levels)

Preferred Education

  • Bachelor’s Degree in Computer Science, Information Systems, Business, or related field (All Levels)

Preferred Licenses

  • N/A

Preferred Certifications

  • Certified Cisco Network Administrator (CCNA) or Accredited Configuration Engineer (ACE) or Microsoft Certified Systems Engineer (MCSE) or Red Hat Certified Systems Administrator (RHCSA)
  • Certified Information Systems Security Professional (CISSP)
  • Systems Security Certified Practitioner (SSCP)
  • Certified Ethical Hacker (CEH)
  • Certified Information System Auditor (CISA)
  • GIAC Security Expert (GSE)
  • Certified Forensics Examiner (CFE)

Required Job Skills (Applies to All Levels)

  • Intermediate skill in use of office equipment, including copiers, fax machines, scanner and telephones
  • Intermediate PC proficiency
  • Intermediate proficiency in spreadsheet, database and word processing software
  • Experience with ISO 27002, 27002/BS7799 and COBIT.
  • Intermediate knowledge of Microsoft Applications and Suites, Windows Server, and Microsoft SQL databases.
  • Knowledge of Microsoft SharePoint and its security levels.

Required Professional Competencies (Applies to All Levels)

  • Strong analytical skills to support independent and effective decisions
  • Ability to prioritize tasks and work with multiple priorities, sometimes under limited time constraints.
  • Perseverance in the face of resistance or setbacks.
  • Effective interpersonal skills and ability to maintain positive working relationship with others.
  • Verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
  • Systems research and analysis. Ability to write and present information security training documentation
  • Demonstrate the ability to stay current on global threats and vulnerabilities.
  • Experience working with and managing third parties
  • Knowledge of business requirements development and user acceptance testing.
  • Maintain confidentiality and privacy
  • Analytical knowledge necessary to generate reports based on available data and then make decisions based on reported data

Required Leadership Experience and Competencies

Preferred Job Skills (Applies to All Levels)

  • Advanced skill in use of office equipment, including copiers, fax machines, scanner and telephones
  • Advanced PC proficiency
  • Advanced experience with NIST Standards, ISO 27002/BS7799 and COBIT.
  • Advanced knowledge of Microsoft Applications and Suites, Windows Server, SharePoint, and MS SQL databases
  • Intermediate knowledge of Microsoft SharePoint and its security levels.

Preferred Professional Competencies (Applies to All Levels)

  • Advanced systems research and analysis expertise
  • Ability to build lesson plans and deliver lessons to junior team members.
  • Solid project management skills
  • Deep technical ability and problem solving skills

Preferred Leadership Experience and Competencies (Applies to All Levels)

  • Mentor junior information security members on the concepts of information security
