Info Security & Cybersecurity Engineer I/II/III at Excellus BCBS (2024)

SummaryJob Description: The Information Security & Cybersecurity Engineer role develops, maintains, and coordinates the Organization’s information security activities in support of the Lifetime Healthcare Companies’ information security program. This position provides technical information security risk management and compliance services and support to the Organization’s lines of business and further provides information security consulting and support to all levels of the Organization’s management in support of the information security program. The cybersecurity disciplines range from Security Operations, Governance Risk and Compliance services, or Identity and Access Management.

Essential AccountabilitiesLevel I

  • Responsible for the design, implementation, and operation of Organization-wide security infrastructures. Evaluates and proposes new security solutions and advises and consults with the security manager and various levels of management regarding protection of computing resources and information assets.
  • Assists in the maintenance and operational support for security technologies in defense against modern cybersecurity threats
  • Delivers support for the Organization’s Information Security Framework and strives to improve maturity of the Information Security program in certain Framework domains.
  • Respond to requests within defined SLAs relating to various information security systems, programs, and processes.
  • Maintains risk management documentation to monitor lifecycle progress, track acceptance decisions, and catalog remediation actions. Utilizes automated Governance, Risk, and Compliance tools to track artifacts of the risk management lifecycle. Consults with information systems owners to categorize systems; select, implement, and assess controls; and frame, assess and monitor risk.
  • Enforces information security policies, standards, and procedures by administering and monitoring security reports; investigates possible security exceptions.
  • Delivers information risk management services for new and existing automation products and projects.
  • Participates in rotation of 24/7/365 on call coverage.
  • Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities.
  • Integrates security tools and appropriate controls into new and existing systems and applications.
  • Assists in department self-audits, internal audits, external audit reviews, and risk assessments for the division and for end user departments.
  • Participates in security assessment of supplier and vendors develops recommendations to improve security and mitigate security risks.
  • Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.
  • Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
  • Regular and reliable attendance is expected and required.
  • Performs other functions as assigned by management.

Level II (in addition to Level I Accountabilities)

  • Keeps abreast of cyber threat landscape and evolving mitigation approaches and techniques.
  • Performs as the Subject Matter Expert for at least one information security technology, processes, and practices internally to the Health Plan – including making recommendations relating to this technology.
  • Provides technical expertise and support to security administrators on distributed systems security and implements automated solutions for security administration requests.
  • Trains and provides technical support to Security Administrators and lower-level InfoSec & Cybersecurity Engineers on distributed system and application security.
  • Provides consultation and facilitation support services to the Organization and its subsidiaries in information security matters and ensures compliance with the Organization’s information security policies and standards.
  • Integrates security tools and appropriate controls into new systems and applications.
  • Acts as a security consultant for Organization’s IT platforms, databases, middle-wares, and messaging systems (with oversight from a more senior analyst).

Level III (in addition to Level II Accountabilities)

  • Performs as the Subject Matter Expert for at least two information security technology, processes, and practices internally to Health Plan.
  • Designs, develops, integrates, tests, evaluates, and maintains cybersecurity technology products.
  • Researches, engineers, and integrates new security solutions with an emphasis on solutions that aligns with overall cybersecurity strategy.
  • Performs cyber defense incident triage, including determining scope, urgency, and potential impact, and identifying the specific vulnerability.
  • Provides security consulting to business partners to ensure solution designs are aligned with security principles and cybersecurity frameworks.

Level IV (in addition to Level III Accountabilities)

  • Acts as Team Leader amongst the group of engineers.
  • Performs as the Subject Matter Expert for more than three information security technologies, processes, and practices internally to the Health Plan, and externally in the industry as a whole.

Minimum QualificationsNOTE: We include multiple levels of classification differentiated by demonstrated knowledge, skills, and the ability to manage increasingly independent and/or complex assignments, broader responsibility, additional decision making, and in some cases, becoming a resource to others. In addition to using this differentiated approach to place new hires, it also provides guideposts for employee development and promotional opportunities.

All Levels

  • Bachelor's degree in computer science, Information Technology, or relevant field. In lieu of degree, six (6) cumulative years of related experience required.
  • Hands on experience with the following operating systems preferred: mainframe, Windows, and UNIX (Linux, AIX, Solaris, etc.).
  • Basic knowledge of a minimum of one concept and/or tool listed below:
  • Encryption
  • PKI
  • Network and application security, and related firewalls (Palo Alto Networks, Imperva, etc.)
  • AD, LDAP, and various authentication implementations
  • Virus detection and end point security (McAfee preferred)
  • Vulnerability scanner and pen testing tools (e.g., Rapid 7, Nessus, Nexpose, Metasploit, Appscan, Burp suite, Ida Pro etc.)
  • IDS/IPS and related tools
  • SIEM and tools (e.g., ArcSight, Splunk, SolarWind LEM, QRadar, McAfee, etc.)
  • Common web application security vulnerabilities (e.g., OWASP top ten)
  • Excellent verbal communications skills and concise written communication skills.
  • Excellent organization and multi-tasking skills.

Level II (in Addition To Level I Qualifications)

  • Three (3) of related work experience, and basic knowledge of a minimum of two (2) concepts and/or tools listed above (under Level I).
  • Experience with security controls for operating systems, applications, and database management systems.
  • Experience in evaluating security software packages.
  • Experience with security automation, including associated reporting and notification.
  • Knowledge of network regulations, industry standards and operational constraints of networks systems.

Level III (in Addition To Level II Qualifications)

  • Five (5) years of related work experience, and basic knowledge of a minimum of three (3) concepts and/or tools listed above (under Level I).
  • CISSP, CISA, CISM or other relevant security certification, or equivalent experience, and knowledge preferred.
  • Experience providing work direction for one or more individual’s specific projects and initiatives.
  • Experience providing guidance and mentorship to more junior team members.
  • Knowledge of Security Frameworks and translating aspects into enhancing security postures.

Level IV (in Addition To Level III Qualifications)

  • Seven (7) years of related work experience, and basic knowledge of a minimum of four (4) concepts and/or tools listed above (under Level I).
  • Two (2) years demonstrated expertise in at least three (3) concentrations within information security technology.
  • Experience with creating and managing security architecture.

Physical Requirements

  • Ability to work prolonged periods sitting and/or standing at a workstation and working on a computer.
  • Ability to work while sitting and/or standing at a workstation viewing a computer and using a keyboard, mouse and/or phone for three (3) or more hours at a time.
  • Ability to travel across the Health Plan service region for meetings and/or trainings as needed.
  • Ability to work in a home office for continuous periods of time for business continuity.

One Mission. One Vision. One I.D.E.A. One you.

Together we can create a better I.D.E.A. for our communities.

At the Lifetime Healthcare Companies, we’re on a mission to make our communities healthier, and we can’t do it without you. We know diversity helps fuel our mission and that’s why we approach our work from an I.D.E.A. mindset (Inclusion, Diversity, Equity, and Access). By activating our employees' experiences, skills, and perspectives, we take action toward greater health equity.

We aspire to reflect the communities we live in and serve, and strongly encourage people of color, LGBTQ+ people, people with disabilities, veterans, and other underrepresented groups to apply.

Our Company CultureEmployees are united by our Lifetime Way Values & Behaviors that include compassion, pride, excellence, innovation and having fun! We aim to be an employer of choice by valuing workforce diversity, innovative thinking, employee development, and by offering competitive compensation and benefits.

In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position.

Equal Opportunity Employer

Equal Opportunity Employer

Compensation Range(s)Grade 208 Minimum: $67,538 Maximum: $124,925

Grade 209 Minimum: $75,816 Maximum: $140,254

Grade 210 Minimum: $85,446 Maximum: $158,080

The salary range indicated in this posting represents the minimum and maximum of the salary range for this position. Actual salary will vary depending on factors including, but not limited to, budget available, prior experience, knowledge, skill and education as they relate to the position’s minimum qualifications, in addition to internal equity. The posted salary range reflects just one component of our total rewards package. Other components of the total rewards package may include participation in group health and/or dental insurance, retirement plan, wellness program, paid time away from work, and paid holidays.

Please note: There may be opportunity for remote work within all jobs posted by the Excellus Talent Acquisition team. This decision is made on a case-by-case basis.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Info Security & Cybersecurity Engineer I/II/III at Excellus BCBS (2024)

FAQs

How do I appeal an Excellus denial? ›

Call Customer Service at the phone number listed on your Member Card, or view our Contact Us page for a listing of phone numbers. You may also submit your grievance or request for appeal in writing. See our Contact Us page for the address of your local office.

What state is Excellus BCBS in? ›

Excellus BlueCross BlueShield, headquartered in Rochester, NY, is part of a $6 billion family of companies that finances and delivers health care services across upstate New York and long term care insurance nationwide.

Is Excellus BCBS the same as Anthem? ›

Anthem, which owns Blues plans in several states, and Excellus (whose parent is Lifetime Healthcare Co.) are separate entities but linked through the Blues network. “That system enables Blue Cross and Blue Shield customers to access care anywhere in the country,” Becher said.

Can you appeal a denial letter? ›

You have the right to appeal your health plan's denial of benefits for covered services that you and your health care provider (doctor, hospital, etc.) believe are medically necessary. By filing an internal appeal, you are requesting your health plan to review the denial decision in a fair and complete way.

What are the steps for appealing a claim denial or rejection? ›

Steps to Appeal a Health Insurance Claim Denial
  1. Step 1: Find Out Why Your Claim Was Denied. ...
  2. Step 2: Call Your Insurance Provider. ...
  3. Step 3: Call Your Doctor's Office. ...
  4. Step 4: Collect the Right Paperwork. ...
  5. Step 5: Submit an Internal Appeal. ...
  6. Step 6: Wait For An Answer. ...
  7. Step 7: Submit an External Review.

Is HMO or PPO better? ›

HMO plans typically have lower monthly premiums. You can also expect to pay less out of pocket. PPOs tend to have higher monthly premiums in exchange for the flexibility to use providers both in and out of network without a referral. Out-of-pocket medical costs can also run higher with a PPO plan.

Who owns Excellus insurance? ›

What does PPO mean in HealthCare? ›

Preferred provider organization (PPO) A type of medical plan in which coverage is provided to participants through a network of selected health care providers, such as hospitals and physicians.

How long has Excellus been around? ›

1996Excellus, Inc., a nonprofit holding company, is created by the mergers of the BlueCross BlueShield Plans in Central New York and Rochester. 1997BlueCross BlueShield of Utica-Watertown joins Excellus.

What is BlueCross BlueShield called in NY? ›

Empire is now Anthem. New name. Same commitment to you. As of January 1, 2024, the Empire BlueCross BlueShield and Empire BlueCross names are Anthem Blue Cross and Blue Shield and Anthem Blue Cross.

What is the S&P rating for Excellus? ›

NEW YORK (S&P Global Ratings) May 1, 2024--S&P Global Ratings said today it affirmed its 'BBB+' long-term financial strength and issuer credit ratings on Excellus Health Plan Inc. The outlook remains stable.

Who is the CEO for Blue Cross Blue Shield? ›

Is Excellus part of Medicare? ›

Excellus BlueCross BlueShield offers a wide range of Medicare Supplement plans. You choose the benefits that best meet your needs.

Where is Blue Cross Blue Shield headquarters located? ›

How do I appeal no prior authorization denial? ›

The appeal letter should be concise, but compelling. It should clearly explain why the treatment or service is necessary for the patient's health, and should address the specific reason for the denial. It's important to use language that is easy to understand, and to provide concrete examples whenever possible.

How do I appeal a travel insurance denial? ›

How to Appeal a Travel Insurance Claim Denial
  1. Step 1: Review the Denial Letter. A denial letter is a document an insurance company sends you to inform you that it has denied your travel claim. ...
  2. Step 2: Gather Relevant Documentation. ...
  3. Step 3: Craft a Persuasive Appeal Letter. ...
  4. Step 4: Submitting the Appeal.
May 6, 2024

What is an external appeal? ›

If an insurance company upholds its decision to deny payment, the law provides consumers with the right to appeal the decisions to an outside, independent decision-maker, regardless of the type of insurance or state an individual lives in.

Top Articles
Latest Posts
Article information

Author: Catherine Tremblay

Last Updated:

Views: 5749

Rating: 4.7 / 5 (67 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Catherine Tremblay

Birthday: 1999-09-23

Address: Suite 461 73643 Sherril Loaf, Dickinsonland, AZ 47941-2379

Phone: +2678139151039

Job: International Administration Supervisor

Hobby: Dowsing, Snowboarding, Rowing, Beekeeping, Calligraphy, Shooting, Air sports

Introduction: My name is Catherine Tremblay, I am a precious, perfect, tasty, enthusiastic, inexpensive, vast, kind person who loves writing and wants to share my knowledge and understanding with you.