Build Your Career in Cybersecurity -
YOUR WAY

Summary

Awarded a Healthiest Employer, Blue Cross Blue Shield of Arizona aims to fulfill its mission to inspire health and make it easy.  AZ Blue offers a variety of health insurance products and services to meet the diverse needs of individuals, families, and small and large businesses as well as providing information and tools to help individuals make better health decisions.

​

At AZ Blue, we have a hybrid workforce strategy, called Workability, that offers flexibility with how and where employees work. Our positions are classified as hybrid, onsite or remote. While the majority of our employees are hybrid, the following classifications drive our current minimum onsite requirements:

​

• Hybrid People Leaders: must reside in AZ, required to be onsite at least once per week
• Hybrid Individual Contributors: must reside in AZ, unless otherwise cited within this posting, required to be onsite at least once per month
• Onsite: daily onsite requirement based on the essential functions of the job
• Remote: not held to onsite requirements, however, leadership can request presence onsite for business reasons including but not limited to staff meetings, one-on-ones, training, and team building

​

Please note that onsite requirements may change in the future, based on business need, and job responsibilities. Most employees should expect onsite requirements and at a minimum of once per month.

​

This position is hybrid within the state of AZ only. This hybrid work opportunity requires residency, and work to be performed, within the State of Arizona.

• Perform ongoing security vulnerability assessments and application pen tests, including identifying, assessing, and driving remediation of application vulnerabilities.
• Develop security improvements for the company’s websites and backend applications and serve as a SME on website and application-related projects.
• Research and recommend emerging security technologies/tools to address current and future threats and create and maintain documentation as it relates to security designs/configuration, processes, and requirements.
• Participate in security incident response processes.
• Mentor development teams on the use of secure coding practices and evangelize secure software development practices and processes throughout the SDLC.

​

​

Application security

​

• Participate in the building, automation, and operation automated security review capabilities across multiple technology stacks and languages throughout the SDLC.
• Coordinate security code reviews, application vulnerability testing, and penetration testing, and train engineering team on best practices in application security throughout the SDLC.
• Drive assessment of applications to identify and prioritize risks, driving prioritization and remediation across application development teams.
• Be an expert on vulnerabilities and attack vectors that have the potential to impact BCBSAZ systems.
• Proactively identify and implement products and tools to ensure security of our applications, collaborating with all areas of IT to harden our environment.

​

Strategy

​

• Participate in developing technical strategy; apply and promote security technology that optimizes the portfolio of technologies, tools, products, and applications.
• Work with IT leaders and subject matter experts to use technology to improve overall corporate security posture.
• Deliver assessment services, develop business cases, design solution architecture, and recommend multi-phased, complex migration programs that address application security.

​

Project Management

​

• Develop timelines, work estimates, cost projections, and manage projects related to application security initiatives to approved guidelines; review and consult on design and technical approach of projects to ensure consistency.

​

OTHER

​

• The position requires a full-time work schedule. Full-time is defined as working at least 40 hours per week, plus any additional hours as requested or as needed to meet business requirements.
• Position may require evening, weekend, or on-call schedules, depending on project requirements and/or system status.
• Perform all other duties as assigned.

Required Qualifications:

​

Required Work Experience

​

• 8 years of experience with application design and development.
• 3 years as an application security engineer analyzing the application modules for enhancing the application security.

​

Required Education

​

• Bachelor’s degree in business, information technology, computer systems, or related field

​

Required Licenses

​

• N/A

​

Required Certifications

​

• N/A

​

​

Preferred Qualifications:

​

Preferred Work Experience

​

• 10 years of experience with application design and development.
• 5 years as an application security engineer analyzing the application modules for enhancing the application security.
• Proven experience with web pen testing and application vulnerability assessments

​

Preferred Education

​

• Master’s degree in business, computer science or related field

​

Preferred Licenses

​

• CISSP, CEH and/or CSSLP Certifications

​

Preferred Certifications

​

• Technical certifications in software and systems design and development

Our Commitment

AZ Blue does not discriminate in hiring or employment on the basis of race, ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other protected group.

​

Thank you for your interest in Blue Cross Blue Shield of Arizona. For more information on our company, see azblue.com. If interested in this position, please apply.

Job Description:

​

The mission of the Automated Application Vulnerability Detection (AAVD) team is to protect Fidelity's assets and our customers’ livelihoods from the threat of exploitation by malicious adversaries. The AAVD team does this by providing secure software development training, static and dynamic application scanning, software composition analysis and secrets scanning and remediation services aimed at preventing vulnerabilities from being introduced into code and ensuring that deployed code is scanned routinely and identified vulnerabilities are addressed, working with the software development teams in a positive, collaborative, and innovative manner.

​

Our Vision

• We aspire to be a best-in-class team, with fully engaged, passionate members.
• Producing high-quality work in a consistent, effective, efficient, customer-oriented manner.
• Providing competitive advantage to the firm and serving as a differentiator in the marketplace.
• Serving as a role model for others across the Enterprise and wider industry.
• And driving advancement and research in the cybersecurity space.

​

The Team

​

The Automated Application Vulnerability Detection (AAVD) team forms part of Application Security product line within Enterprise Cybersecurity (ECS). The goal of the application security product line is to proactively identify and remediate vulnerabilities in Fidelity’s applications and infrastructure. We work very closely with key Business Units to ensure that they remain secure while they deliver key projects to advance the firm.

• Perform code security activities including analysis and remediation of vulnerabilities found in code.
• Leveraging our security champions program, partner with key business units to help promote and embed security best practices within their team’s development processes.
• There will also be the opportunity to expand and support other key areas of the team’s mission over time, such as helping to develop security requirements as well as assisting teams in embedding and using SAST/DAST/SCA tools into their development workflows.
• Stay current on security best practices and vulnerabilities.

Required Qualifications

• Bachelor’s degree or equivalent experience
• 3+ years of IT experience with at least 2 of these being in a hands-on application security role.
• Strong understanding of common application security vulnerabilities such as the OWASP Top 10 for Web, API, and Mobile applications
• Understanding of OWASP Top 10
• Strong knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
• Technical knowledge of, and the ability to recognize, various types of application security vulnerabilities
• Experience with SAST and DAST tools
• Intermediate knowledge of a programming or scripting language such as C, C#, Python, Objective C, Java, JavaScript, SQL
• Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues.
• Excellent interpersonal skills with a strong interest in the application security domain
• Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation.
• Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team.

​

Preferred Qualifications

• Experience working within an Agile development or DevOps/DevSecOps team would be a plus.
• Experience reviewing and analyzing code for vulnerabilities
• Experience using a SAST / DAST assessment tool
• Hands-on industry security certification such as eLearnSecurity, Portswigger, Offensive Security, CSSLP, AWS/Azure, SANS

Fidelity’s hybrid working model blends the best of both onsite and offsite work experiences. Working onsite is important for our business strategy and our culture. We also value the benefits that working offsite offers associates. Most hybrid roles require associates to work onsite every other week (all business days, M-F) in a Fidelity office.

Summary Information about the Role

​

Shape the future of product delivery while crafting solutions that enhance and optimize customer experiences. Lead end-to-end processes, manage dependencies, and liaise with stakeholders as part of a team at the forefront of innovation.

​

As a Product Delivery Manager in Authentication and Authorization, you work to enhance and optimize the way products are delivered to customers. As a key member of the team, you create solutions and efficiencies that enable successful implementations in an expedient and organized way.

​

Company Overview

​

NA

• Leads end-to-end product delivery processes including intake, dependency management, release management, product operationalization, delivery feasibility decision-making, and product performance reporting, while escalating opportunities to improve efficiencies and functional coordination
• Leads the completion of change management activities across functional partners and ensures adherence to the firm’s risk, controls, compliance, and regulatory requirements
• Effectively manages timelines and dependencies while monitoring blockers, ensuring adequate resourcing, and liaising with stakeholders and functional partners
• Analyzes product performance data to identify trends, patterns, and insights that inform product strategy and development
• Creates and maintains detailed reports and dashboards using Excel and other data visualization tools; prepares and delivers presentations using PowerPoint to communicate findings and recommendations to various audiences
• Collaborates with product managers and other stakeholders to understand data needs and provide actionable insights; supports the development and tracking of key performance indicators (KPIs) to measure product success
• Defines and presents strategy for features, write epics, user stories, acceptance criteria and participate in all agile events of the product group as a team member
• Acts as the voice of the customer and drive product vision; identify and partner with business stakeholders to implement changes in operational policies, process flows, procedures, and specialist tools and customer messages
• Facilitates and leads customer focused solutions across the organization in direct support of the Product Owner and Area Product Owners; act as subject matter expert with respect to major business processes and supporting applications/capabilities
• Works with other product teams, legal, risk, operations, design and technology teams to define, prioritize, deliver and align solutions to product vision and roadmap
• Identify potential risks and issues related to business processes and technology implementations; develop mitigation strategies to minimize impact on project timelines and outcomes.

Required Qualifications, Capabilities, and Skills

• 5+ years of experience or equivalent expertise in product delivery or a relevant domain area
• Demonstrated ability to execute operational management and change readiness activities
• Strong understanding of delivery and a proven track record of implementing continuous improvement processes
• Experience in product or platform-wide release management, in addition to deployment processes and strategies
• Proven ability to lead product life cycle activities including discovery, ideation, strategic development, requirements definition, and value management
• Agile project management experience, including use of agile project management tools (i.e. Confluence, JIRA, Git, etc.)
• Ability to manage product backlog; analytical, problem solving skills
• Excellent oral and written communication and presentation skills across various stakeholders and senior management; ability to synthesize large amounts of information, summarize key concepts and articulate relevant issues to senior management
• Work effectively in a team environment by being team-focused; supportive team member, always willing to be of assistance to others
• Ability to deal with different stakeholder groups to elicit business requirements, processes and data trends
• Ability to work in a high-paced environment, be flexible, follow tight deadlines, organize, and prioritize work with minimal oversight

​

Preferred Qualifications, Capabilities, and Skills

• Proficient knowledge of the product development life cycle, design, and data analytics
• Good understanding of IAM principles, particularly authentication, authorization and access management, and familiarity with security standards and regulations
• Excellent analytical and logical thinking to understand and analyze complex business processes.
• Experience with data reporting tools such as SQL, Python, Tableau, Oracle

NA