Principal Domain Architect

4 months ago


Owings Mills, United States CareFirst BlueCross BlueShield Full time

PURPOSE:


The Principal Domain Architect is a security expert with business acumen and in-depth knowledge and expert skills to advance domain strategies. Translates business needs for security into architectural solutions that meet performance, reliability, and security expectations. Applies enterprise roadmaps, principles, standards, and practices to drive their security strategies and execution. Acts as the key interface for Core Technology Services (CTS) to provide security architecture guidance for all CTS technology. Provides direct operational support to Cloud Engineering and Enablement (CEE) members, who are responsible for execution and implementation of cloud governance controls.

ESSENTIAL FUNCTIONS:

Leads preparation of security architecture viewpoints and models depicting current, target, and interim states.

Uses current state viewpoints to identify and analyze pain points and opportunities (PPOs).

Leads advanced modeling and analysis to meet the strategic needs of the organization with respect to system, information, functional/non-functional needs, performance, and security/regulatory requirements.

Creates and utilizes architecture patterns and ensures alignment with IT strategies and reference architectures.

Ensures target state alignment and integration across architecture domains.

Ensures upstream alignment / traceability to business needs via business architecture and downstream alignment / traceability with solution building blocks.

Leads the enablement of security architecture strategies and development of standards and guidelines.

Identifies and supports development of reusable security patterns.

Leads design, engineering, and implementation of assets for internal use in solutions to improve solution quality; collaborates through the implementation phase.

Leads peer reviews and represents the architecture domain in briefings to the Architecture Innovation Review Board.

Oversees publishing and maintenance of viewpoints / work products in the architecture repository, ensuring they are organized, accurate, and accessible.

Dispositions stakeholder comments / feedback received via project and non-project channels.

Ensures that regulatory and compliance issues are addressed in solutions.

Leads collaboration with other teams (business and technical), key stakeholders, and partners to understand needs to maximize architecture impact and address technical limitations.

Leads the evaluation/selection of a solution / product design that aligns with IT / Security strategies, standards, and guidelines.

Leads research into emerging security trends to determine their relevancy and fit for the organization.

Participates in the vendor evaluation and selection process broadly; leads vendor evaluation and selection, providing a security-focused lens for CTS.

Represents CTS from a security perspective in the drafting of RFIs/RFPs and the evaluation / scoring of vendor proposals.

Leads the development / enhancement of security methods and tools.

Ensures the alignment / integration of security best practices, processes / deliverables with those of other architecture domains and SDLC disciplines.

Leads development of security-related communications / education material and documentation for use with stakeholders and architecture / SDLC partners.

Leads security assessments for the most complex new / proposed projects for architecture impacts in support of annual planning, resource estimation, and alignment with IT strategy and enterprise architecture.

Provides input to project, product, and enterprise technology roadmaps.

Provides regular reporting on progress, issues, and opportunities related to the architecture domain.

Ensures that CTS and CEE solutions and designs align with Enterprise Security Architecture strategies & approved patterns.

Serves as a key CTS contact, interacting frequently with Enterprise Security Architecture and Enterprise Architecture for alignment.

SCOPE:

The CareFirst infrastructure supports six thousand+ internal business users, five million members, and sixty thousand providers across twenty-two CareFirst locations. In alignment with overall Enterprise and Enterprise Security Architecture strategies, the Principal Domain Architect will provide security-focused guidance, design reviews, and design approvals for CTS, focused on supporting & enabling:

Cloud Security – CareFirst’s approach is “cloud first, native first, Azure first”; therefore the primary cloud is Azure, but AWS and various SaaS providers are applicable. CTS has operational ownership of AWS and Azure cloud environments. Zero trust security.

Network security – On-premises and cloud connectivity. Cisco switches / routers with Palo Alto on-prem & cloud VM-Series firewalls. Azure cloud NSGs, ASGs, segmentation, and automation. Alignment with Enterprise Security Architecture.

Identity & access management – Okta, SailPoint, Azure AD, Active Directory. CTS is directly responsible only for Azure AD & Active Directory.

Cloud Migration – Cloud migration & datacenter exit. Principal Domain Architect will partner with Enterprise Security Architecture to ensure adequate security design, repeatable processes, and best practices are in place.

Governance & Compliance (cloud & on premises) – Enforce governance with group policy, configuration management, Azure Policy, automation runbooks, and DevSecOps. As a healthcare provider with Federal customers, we require FedRAMP Moderate compliance within the identified boundaries. HIPAA, PCI, and other regulatory compliance must be enforced.

Unified Communications – Office 365 Exchange, SharePoint, Teams, and OneDrive, Power BI, Power Platform. O365 Office plugins and Azure Enterprise Apps require security & risk review as well.

Call Center Applications – CareFirst call center applications, including signaling, IVR, call recording, and workforce management on Nice cloud.

On-premises Infrastructure – Datacenter exit and multi-region co-locations. Infrastructure PODs (Net/Storage/Compute) supporting cloud-incompatible apps/services. Windows/Linux OS VMs running on VMware virtualization platform.

SaaS/PaaS applications – Partnerships with Salesforce, Planon, KeyedIn, Splunk, and other SaaS providers. Marketplace partner solutions and SaaS/PaaS preferred over IaaS.

End user computing & collaboration – Horizon VDI (non-admin & privileged admin jump VMs), laptops with Palo Alto VPN, Teams meeting rooms, and BYOD with Intune app management.


QUALIFICATIONS:

Education Level: Bachelor’s degree in Computer Science, Information Technology, or related field OR in lieu of a bachelor’s degree, a successful candidate possesses an additional 4 years of professional experience.

Experience: 10+ years of Security architecture experience.

Knowledge, Skills and Abilities (KSAs)

Proficient understanding of the architectural principles of cloud-based platforms including SaaS, PaaS, multitenancy, multi-tiered infrastructure, etc. Proficient experience with Microsoft Azure and AWS preferred.

Proficient experience and understanding of enterprise networking architecture & security in a hybrid cloud environment. Thorough understanding and expertise with network security stack & load balancing, including firewalls, load balancing (NLB & ALB), and cloud native security components. Strong knowledge of network routing, NAT, network segmentation, and zero trust security is preferred.

Good understanding of all cloud offerings in the market and ability to discuss cloud architectures with multiple audiences with different levels of understanding.

Good understanding of the security processes, standards & issues involved in multi-tier cloud or hybrid applications & services. Familiarity with principles of network, application, and information security.

Good understanding and experience with core shared infrastructure services such as DNS, DHCP, Active Directory, LDAP, etc.

Good understanding of DevOps, CI/CD pipeline, test automation, environment, and configuration automation, etc. Software development experience not required but is a plus.

Good understanding of voice and collaboration security is a plus. This includes SBCs, WebRTC, VoIP, and SIP.

Azure cloud infrastructure experience is a plus.

Microsoft O365 & Azure security solution experience is a plus, including Azure Defender, Sentinel, DLP (Azure information protection), MCAS, Azure Conditional Access, Azure Enterprise Applications, and Azure Enterprise Application Proxy.

Familiarity with industry or vertical solutions or SaaS is a plus.

Familiar with relevant (regional, market, industry) data privacy and compliance requirements.

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.