About the RoleThis role works closely with the Enterprise Business and Technology Solutions (EBTS) Division to develop, implement, and enhance processes that identify, assess, and remediate vulnerabilities across Horizon's technology environment. The analyst is responsible for performing internal and external vulnerability assessments, managing vulnerability scanning programs, establishing security standards, and evaluating exceptions and false-positive findings.
The position plays a key role in reducing organizational risk by partnering with technology teams to prioritize and remediate vulnerabilities, developing long-term security solutions, and supporting threat intelligence and threat hunting initiatives. The incumbent will stay current on emerging threats, industry standards, and security trends, providing regular updates and recommendations to leadership regarding risks requiring remediation.
What You'll Do- Develop and enhance vulnerability scanning strategies to ensure comprehensive coverage across Horizon's enterprise environment.
- Conduct internal and external vulnerability assessments and validate scan results.
- Apply established vulnerability management standards to classify vulnerabilities based on severity, exploitability, and business risk.
- Categorize and prioritize assets according to criticality and organizational impact.
- Partner with EBTS teams to develop and execute vulnerability remediation plans in accordance with established service level agreements (SLAs).
- Track and report remediation activities to ensure timely resolution of identified vulnerabilities.
- Analyze emerging cyber threats and assess potential impacts to Horizon's technology environment.
- Communicate current risk exposure, remediation efforts, and security recommendations to senior leadership and key stakeholders.
- Develop, maintain, and present weekly and monthly vulnerability management metrics and executive reports.
- Create, update, and maintain policies, standards, procedures, and process documentation related to vulnerability management and threat intelligence operations.
- Ensure security controls, policies, and standards are operating effectively to satisfy audit and regulatory requirements.
- Assist in the development and maturation of a threat hunting program by documenting threat scenarios, response playbooks, and use cases.
- Collaborate with internal teams to investigate, validate, and resolve vulnerability findings, false positives, and remediation exceptions.
- Support continuous improvement initiatives aimed at strengthening the organization's overall cybersecurity posture
What You BringEducation/Experience:- High School Diploma or GED required.
- Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field preferred.
- Relevant experience may be considered in lieu of a degree.
Experience:- Minimum of five (5) years of Information Security experience required.
- At least three (3) years of experience focused on vulnerability identification, assessment, and remediation.
- Experience working within a large enterprise environment preferred.
- Experience supporting security audits, regulatory compliance reviews, and risk management programs preferred.
Certifications:- One or more of the following certifications is required or strongly preferred:
- CISSP (Certified Information Systems Security Professional)
- GCTI (GIAC Cyber Threat Intelligence)
- GIAC certifications
- CompTIA Security+
- Certified Ethical Hacker (CEH)
Knowledge:- Strong understanding of cybersecurity frameworks and methodologies, including Cyber Kill Chain, Defense-in-Depth, and related security models.
- Comprehensive knowledge of vulnerability management and patch management processes and their respective remediation approaches.
- Deep understanding of indicators of compromise (IOCs), advanced persistent threats (APTs), cybercrime techniques, and attacker tactics, techniques, and procedures (TTPs).
- Knowledge of operating systems including Windows, Linux/Unix, and macOS.
- Experience with vulnerability management platforms such as Nessus, Qualys, InsightVM (Nexpose), or similar solutions.
- Knowledge of Center for Internet Security (CIS) benchmarks and Critical Security Controls.
- Familiarity with threat intelligence platforms and sources such as Recorded Future, ThreatConnect/ThreatStream, H-ISAC, NJCCIC, and similar resources.
- Understanding of audit, regulatory, and compliance requirements related to cybersecurity programs.
Skills & Abilities:- Proven ability to prioritize vulnerabilities and systems based on risk, asset criticality, and business impact.
- Experience utilizing CVSS scoring and risk-based vulnerability management methodologies.
- Strong analytical, investigative, and problem-solving skills.
- Excellent verbal and written communication skills, including the ability to present technical information to both technical and non-technical audiences.
- Experience creating executive-level dashboards, scorecards, and presentations using tools such as Microsoft PowerPoint, Visio, and Excel.
- Experience developing and documenting security processes, standards, and procedures.
- Ability to facilitate cross-functional collaboration and drive vulnerability remediation efforts across multiple teams.
- Experience negotiating remediation plans, exception requests, SLA extensions, and false-positive determinations.
- Strong project management, organizational, and time-management skills.
- Ability to manage multiple priorities in a fast-paced environment.
- Demonstrated attention to detail and commitment to operational excellence.
- Self-motivated and capable of working independently while maintaining effective communication with stakeholders.
- Strong interpersonal skills with the ability to build partnerships and influence outcomes across the organization.
Salary Range:$97,800 - $133,455
This compensation range is specific to the job level and takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to: education, experience, licensure, certifications, geographic location, and internal equity. This range has been created in good faith based on information known to Horizon at the time of posting. Compensation decisions are dependent on the circumstances of each case. Horizon also provides a comprehensive compensation and benefits package which includes:
- Comprehensive health benefits (Medical/Dental/Vision)
- Retirement Plans
- Generous PTO
- Incentive Plans
- Wellness Programs
- Paid Volunteer Time Off
- Tuition Reimbursement