Note: The job is a remote job and is open to candidates in USA. Horizon Blue Cross Blue Shield of New Jersey empowers members to achieve their best health and is seeking a Cybersecurity Threat & Vulnerability Analyst. This role is responsible for developing, implementing, and enhancing processes to identify, assess, and remediate vulnerabilities across the technology environment, as well as supporting threat intelligence and threat hunting initiatives.
Responsibilities
- Develop and enhance vulnerability scanning strategies to ensure comprehensive coverage across Horizon’s enterprise environment
- Conduct internal and external vulnerability assessments and validate scan results
- Apply established vulnerability management standards to classify vulnerabilities based on severity, exploitability, and business risk
- Categorize and prioritize assets according to criticality and organizational impact
- Partner with EBTS teams to develop and execute vulnerability remediation plans in accordance with established service level agreements (SLAs)
- Track and report remediation activities to ensure timely resolution of identified vulnerabilities
- Analyze emerging cyber threats and assess potential impacts to Horizon’s technology environment
- Communicate current risk exposure, remediation efforts, and security recommendations to senior leadership and key stakeholders
- Develop, maintain, and present weekly and monthly vulnerability management metrics and executive reports
- Create, update, and maintain policies, standards, procedures, and process documentation related to vulnerability management and threat intelligence operations
- Ensure security controls, policies, and standards are operating effectively to satisfy audit and regulatory requirements
- Assist in the development and maturation of a threat hunting program by documenting threat scenarios, response playbooks, and use cases
- Collaborate with internal teams to investigate, validate, and resolve vulnerability findings, false positives, and remediation exceptions
- Support continuous improvement initiatives aimed at strengthening the organization’s overall cybersecurity posture
Skills
- High School Diploma or GED required
- Minimum of five (5) years of Information Security experience required
- At least three (3) years of experience focused on vulnerability identification, assessment, and remediation
- Strong understanding of cybersecurity frameworks and methodologies, including Cyber Kill Chain, Defense-in-Depth, and related security models
- Comprehensive knowledge of vulnerability management and patch management processes and their respective remediation approaches
- Deep understanding of indicators of compromise (IOCs), advanced persistent threats (APTs), cybercrime techniques, and attacker tactics, techniques, and procedures (TTPs)
- Knowledge of operating systems including Windows, Linux/Unix, and macOS
- Experience with vulnerability management platforms such as Nessus, Qualys, InsightVM (Nexpose), or similar solutions
- Knowledge of Center for Internet Security (CIS) benchmarks and Critical Security Controls
- Familiarity with threat intelligence platforms and sources such as Recorded Future, ThreatConnect/ThreatStream, H-ISAC, NJCCIC, and similar resources
- Understanding of audit, regulatory, and compliance requirements related to cybersecurity programs
- Proven ability to prioritize vulnerabilities and systems based on risk, asset criticality, and business impact
- Experience utilizing CVSS scoring and risk-based vulnerability management methodologies
- Strong analytical, investigative, and problem-solving skills
- Excellent verbal and written communication skills, including the ability to present technical information to both technical and non-technical audiences
- Experience creating executive-level dashboards, scorecards, and presentations using tools such as Microsoft PowerPoint, Visio, and Excel
- Experience developing and documenting security processes, standards, and procedures
- Ability to facilitate cross-functional collaboration and drive vulnerability remediation efforts across multiple teams
- Experience negotiating remediation plans, exception requests, SLA extensions, and false-positive determinations
- Strong project management, organizational, and time-management skills
- Ability to manage multiple priorities in a fast-paced environment
- Demonstrated attention to detail and commitment to operational excellence
- Self-motivated and capable of working independently while maintaining effective communication with stakeholders
- Strong interpersonal skills with the ability to build partnerships and influence outcomes across the organization
- Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field preferred
- Experience working within a large enterprise environment preferred
- Experience supporting security audits, regulatory compliance reviews, and risk management programs preferred
- One or more of the following certifications is required or strongly preferred: CISSP (Certified Information Systems Security Professional), GCTI (GIAC Cyber Threat Intelligence), GIAC certifications, CompTIA Security+, Certified Ethical Hacker (CEH)
Benefits
- Comprehensive health benefits (Medical/Dental/Vision)
- Retirement Plans
- Generous PTO
- Incentive Plans
- Wellness Programs
- Paid Volunteer Time Off
- Tuition Reimbursement
Company Overview
Company H1B Sponsorship