Job Description

Blue Cross Blue Shield of Arizona is a local, independent Blue Cross Blue Shield Association and a not-for-profit health insurance company headquartered in Phoenix. Founded in 1939, the company has more than 1,800 dedicated employees throughout its Phoenix, Tucson, Chandler and Flagstaff offices. Providing health insurance products, services and networks to more than 1 million Arizonans, Blue Cross Blue Shield of Arizona offers various health plans for individuals, families, and small and large businesses. Blue Cross Blue Shield of Arizona also offers Medicare supplement plans to individuals over age 65.

Blue Cross Blue Shield of Arizona helps to fulfill its mission of improving the quality of life of Arizonans by delivering a variety of health insurance products and services to meet the diverse needs of individuals, families, and small and large businesses as well as providing information and tools to help individuals make better health decisions.

Internal Use:

TECH 30 - 33

Purpose of the job

The Information Security Engineer will participate in evaluating, developing, and implementing security tools, standards, procedures, and guidelines for multiple platforms and diverse systems environments. They will have the ability to learn and implement a variety of security technologies, such as vulnerability management, data leakage prevention, intrusion prevention, log management and security event management. This position will also require an individual who can work well with both technical and non-technical business partners.  


Required Work Experience

Experience in information technology or computer systems

Level 2 - 4 years

Level 3 - 6 years

Level 4 - 8 years

Experience in information security and/or network security

Level 2 - 2 years

Level 3 - 3 years

Level 4 - 5 years

Experience in project management

Level 3 - 2 years

Level 4 - 3 years

Required Education

  • High-School Diploma or GED in general field of study (All Levels)

Required Licenses

  • N/A

Required Certifications

  • N/A


Preferred Work Experience

  • 10 years of experience in computer technology and/or information systems (All Levels)
  • 10 years of experience in information security (All Levels)

Preferred Education

  • Bachelor’s Degree in Computer Science, Information Systems, Business, or related field (All Levels)

Preferred Licenses

  • N/A

Preferred Certifications

Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), Certified Ethical Hacker (CEH), Certified Information System Auditor (CISA), GIAC Security Expert (GSE), Certified Forensics Examiner (CFE), Security +, Security Essentials (GSEC), Information Security Fundamentals (GISF), Critical Controls (GCCC), ISO Fundamentals, ISO Practitioner, Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), Certified Common Security Framework Practitioner (CCSFP)



Level 1 - Performs job functions under close supervision or peer review

  • Investigate, document, and report any actual or potential information security violations, incidents, breaches or inappropriate computer use.
  • Evaluate security risk assessments of new systems and upgrades to determine impact to information security. 
  • Participate in small-scale projects, including quality and corporate task teams
  • Monitor anti-virus and anti-malware systems, secure email notifications, and Internet access.
  • Maintain integrated security solutions (IDS/IPS, SIEM, DLP) and develop system security plans according to federal guidelines
  • Assist management with establishing, reviewing and maintaining BCBSAZ information security policies and procedures; participate in ensuring security compliance with agency regulatory requirements.
  • Obtain one preferred security certification in year 1 of employment.
  • Develop documentation to include procedures, architecture, deployment, and configuration diagrams.
  • Participate in security awareness training and conduct cross-training with company staff and peers.
  • Regular collaboration with other teams to reduce threats and company risk
  • Act as a security advocate for ISS security operations 
  • Perform all other duties as assigned.

Level 2 - Performs job functions with general supervision

  • All level 1 job functions and possess one or more of the preferred security certifications
  • Acts as a technical information security reviewer of requirements statements, detailed designs, implementation plans, and other documents produced during the systems development process.
  • Ensure department leverages internal tools and applications to ensure document libraries and procedures are organized
  • Develop and perform "penetration" efforts to test network vulnerability to intrusion by hostile individuals or groups.
  • Participate in production roll outs and ensure systems are promoted securely.
  • Assess the production environment on an ongoing basis to ensure that it remains compliant with external regulations and BCBSAZ Information Security Policies and Standards
  • Weigh business needs against security concerns and articulate issues to management.
  • Provide subject matter expertise to business and project teams to define security policy and technical requirements.
  • Assist workforce members with security related questions or problems.
  • Identify opportunities to improve procedures and processes that support the adoption of electronic capabilities
  • Participate or lead small to medium scoped projects
  • Participate in on-site business associate security assessments that may require international travel.
  • Participates in applying network security, endpoint security, processes and procedures.
  • Educate workforce members on security practices through individual training, Intranet articles, etc.
  • Participate in implementing ISO 27001 framework.

Level 3 - Performs job functions with minimal supervision

  • All job functions of the previous levels and possess one or more of the preferred security certifications
  • Incident Management and response experience
  • Act as a trusted adviser and security expert in providing risk monitoring and mitigation guidance in alignment with industry best practices and regulatory requirements.
  • Facilitate and/or create new procedures and processes that support advancing technologies or capabilities.
  • Interact and negotiate with vendors, outsourcers, and contractors to secure system-related products and services.
  • Evaluate high-level project information and assess project components to forecast work effort required
  • Provide peer-level review and mentoring to level 1 and 2
  • Participate and/or lead large- or complex-technical projects
  • Build, support, and maintain moderately complex Information Security processes, programs, and technologies
  • Manages and performs product evaluations, recommends and implements products/services for Information Security that support strategic operational needs and security requirements
  • Validates and tests security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies
  • Trains other team members on new security solutions and transitions ownership, where possible, upon successful implementation

Level 4 - Performs job functions in a lead capacity

  • All previous job functions and possess one or more preferred security certifications
  • Facilitate and/or create new procedures and processes that support advancing technologies or capabilities
  • Evaluate high-level project information and assess project components to forecast work effort required
  • Provide peer-level review and mentoring to levels 1 and 2
  • Participate and/or lead large- or complex-technical security projects
  • Create complex ad-hoc reports for internal and external use
  • Act as primary security contact for internal and external customers when needed / in the absence of manager
  • Ensure Service Level Agreements between department and operational or technical areas are met
  • Lead, develop and mentor staff by providing opportunities for growth through delegation, training, and assignment to various project teams
  • Inform manager of any issues impacting the efficient and effective performance of the department including system, resource, and informational barriers; provide timely feedback to team members on performance
  • Serve as primary Information Security contact for internal / external customers when needed or in absence of Manager
  • Assist the manager in the day-to-day operations of the department


  • Each progressive level includes the ability to perform the essential functions of any lower levels and mentor employees in those levels.
  • The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements.
  • Perform all other duties as assigned.
  • Participate in on-call rotation


Required Job Skills (Applies to All Levels)

  • Intermediate skill in use of office equipment, including copiers, fax machines, scanner and telephones
  • Intermediate PC proficiency
  • Intermediate proficiency in spreadsheet, database and word processing software
  • Experience with ISO 27001, 27002 and COBIT.
  • Intermediate knowledge of Microsoft Applications and Suites, Windows Server, and Microsoft SQL databases.
  • Familiarity with Cloud/Web Security and CASB
  • Familiarity with Identity Cloud, MFA,  API Access Management and SSO
  • Knowledge of Microsoft SharePoint and its security levels.
  • Knowledge of information security concepts, best practices and procedures
  • Knowledge of general information security and auditing concepts such as encryption, access controls, software and cloud security.
  • Knowledge of general application issues including: cross-site scripting, injections, DDoS, and buffer overflows
  • Knowledge of applicable regulations such as PCI, HIPAA, HITECH, and SOX
  • Knowledge of compliance frameworks such as NIST 800-30, NIST 800-53, NIST 800-66, SSAE 16 SOC 2, PCI DSS V3.2, SOX 404, ISO 27001/27002

Required Professional Competencies (Applies to All Levels)

  • Strong analytical skills to support independent and effective decisions
  • Ability to prioritize tasks and work with multiple priorities, sometimes under limited time constraints.
  • Perseverance in the face of resistance or setbacks.
  • Effective interpersonal skills and ability to maintain positive working relationship with others.            
  • Verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
  • Systems research and analysis. Ability to write and present information security training documentation
  • Demonstrate the ability to stay current on global threats and vulnerabilities.
  • Experience working with and managing third parties
  • Knowledge of business requirements development and user acceptance testing.
  • Maintain confidentiality and privacy
  • Analytical knowledge necessary to generate reports based on available data and then make decisions based on reported data

Required Leadership Experience and Competencies

  • Facilitate and resolve customer requests and inquiries for all levels of management within the Corporation. (Applies to Levels 2 - 4)
  • Build synergy with a diverse team in an ever changing environment. (Applies to Levels 3 - 4)


Preferred Job Skills (Applies to All Levels)

  • Advanced skill in use of office equipment, including copiers, fax machines, scanner and telephones
  • Advanced PC proficiency
  • Advanced experience with ISO 27002 and COBIT standards.
  • Advanced knowledge of Microsoft Applications and Suites, Windows Server, SharePoint, and MS SQL databases
  • Intermediate knowledge of Microsoft SharePoint and its security levels.

Preferred Professional Competencies (Applies to All Levels)

  • Advanced systems research and analysis expertise
  • Ability to build lesson plans and deliver lessons to junior team members.
  • Solid project management skills
  • Deep technical ability and problem solving skills

Preferred Leadership Experience and Competencies (Applies to All Levels)

  • Mentor junior information security members on the concepts of information security

Our Commitment

BCBSAZ does not discriminate in hiring or employment on the basis of race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected group.

Thank You

Thank you for your interest in Blue Cross Blue Shield of Arizona.  For more information on our company, see  If interested in this position, please apply.

Imagine doing life-changing work and helping more than one million Arizonans live healthier and longer lives. That’s the kind of satisfaction you’ll find when you work here. Our exceptional teams in Phoenix, Tucson, Chandler, and Flagstaff have been transforming healthcare for more than 80 years. Explore what's possible with a career at Blue Cross® BlueShield® of Arizona

Posted 23 Days Ago

Full time

