Horizon Blue Cross & Blue Shield

Cybersecurity Threat & Vulnerability Analyst

US-AnywhereRemote in Newark, NJ
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • High School Diploma or GED required; Bachelor's degree preferred in relevant fields.
  • 5+ years of Information Security experience required; 3+ years in vulnerability management.
  • Experience in large enterprise settings preferred; security audits experience valued.
  • Certifications like CISSP, GCTI, or CompTIA Security+ are required or strongly preferred.

Responsibilities

  • Develop and enhance vulnerability scanning strategies for comprehensive coverage.
  • Conduct internal and external vulnerability assessments and validate results.
  • Apply vulnerability management standards to classify and prioritize vulnerabilities.
  • Partner with teams to execute remediation plans per service level agreements.
  • Track and report remediation activities for timely resolution of vulnerabilities.
  • Analyze emerging threats to assess impact on technology environments.
  • Communicate risk exposure and remediation efforts to senior leadership.

Benefits

  • Comprehensive health benefits (Medical/Dental/Vision).
  • Retirement Plans.
  • Generous PTO.
  • Incentive Plans.
  • Wellness Programs.
  • Paid Volunteer Time Off.
  • Tuition Reimbursement.
Full Job Description


About the Role

This role works closely with the Enterprise Business and Technology Solutions (EBTS) Division to develop, implement, and enhance processes that identify, assess, and remediate vulnerabilities across Horizon's technology environment. The analyst is responsible for performing internal and external vulnerability assessments, managing vulnerability scanning programs, establishing security standards, and evaluating exceptions and false-positive findings.

The position plays a key role in reducing organizational risk by partnering with technology teams to prioritize and remediate vulnerabilities, developing long-term security solutions, and supporting threat intelligence and threat hunting initiatives. The incumbent will stay current on emerging threats, industry standards, and security trends, providing regular updates and recommendations to leadership regarding risks requiring remediation.

What You'll Do

  • Develop and enhance vulnerability scanning strategies to ensure comprehensive coverage across Horizon's enterprise environment.
  • Conduct internal and external vulnerability assessments and validate scan results.
  • Apply established vulnerability management standards to classify vulnerabilities based on severity, exploitability, and business risk.
  • Categorize and prioritize assets according to criticality and organizational impact.
  • Partner with EBTS teams to develop and execute vulnerability remediation plans in accordance with established service level agreements (SLAs).
  • Track and report remediation activities to ensure timely resolution of identified vulnerabilities.
  • Analyze emerging cyber threats and assess potential impacts to Horizon's technology environment.
  • Communicate current risk exposure, remediation efforts, and security recommendations to senior leadership and key stakeholders.
  • Develop, maintain, and present weekly and monthly vulnerability management metrics and executive reports.
  • Create, update, and maintain policies, standards, procedures, and process documentation related to vulnerability management and threat intelligence operations.
  • Ensure security controls, policies, and standards are operating effectively to satisfy audit and regulatory requirements.
  • Assist in the development and maturation of a threat hunting program by documenting threat scenarios, response playbooks, and use cases.
  • Collaborate with internal teams to investigate, validate, and resolve vulnerability findings, false positives, and remediation exceptions.
  • Support continuous improvement initiatives aimed at strengthening the organization's overall cybersecurity posture


What You Bring

Education/Experience:
  • High School Diploma or GED required.
  • Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field preferred.
  • Relevant experience may be considered in lieu of a degree.


Experience:
  • Minimum of five (5) years of Information Security experience required.
  • At least three (3) years of experience focused on vulnerability identification, assessment, and remediation.
  • Experience working within a large enterprise environment preferred.
  • Experience supporting security audits, regulatory compliance reviews, and risk management programs preferred.

Certifications:
  • One or more of the following certifications is required or strongly preferred:
  • CISSP (Certified Information Systems Security Professional)
  • GCTI (GIAC Cyber Threat Intelligence)
  • GIAC certifications
  • CompTIA Security+
  • Certified Ethical Hacker (CEH)


Knowledge:
  • Strong understanding of cybersecurity frameworks and methodologies, including Cyber Kill Chain, Defense-in-Depth, and related security models.
  • Comprehensive knowledge of vulnerability management and patch management processes and their respective remediation approaches.
  • Deep understanding of indicators of compromise (IOCs), advanced persistent threats (APTs), cybercrime techniques, and attacker tactics, techniques, and procedures (TTPs).
  • Knowledge of operating systems including Windows, Linux/Unix, and macOS.
  • Experience with vulnerability management platforms such as Nessus, Qualys, InsightVM (Nexpose), or similar solutions.
  • Knowledge of Center for Internet Security (CIS) benchmarks and Critical Security Controls.
  • Familiarity with threat intelligence platforms and sources such as Recorded Future, ThreatConnect/ThreatStream, H-ISAC, NJCCIC, and similar resources.
  • Understanding of audit, regulatory, and compliance requirements related to cybersecurity programs.

Skills & Abilities:
  • Proven ability to prioritize vulnerabilities and systems based on risk, asset criticality, and business impact.
  • Experience utilizing CVSS scoring and risk-based vulnerability management methodologies.
  • Strong analytical, investigative, and problem-solving skills.
  • Excellent verbal and written communication skills, including the ability to present technical information to both technical and non-technical audiences.
  • Experience creating executive-level dashboards, scorecards, and presentations using tools such as Microsoft PowerPoint, Visio, and Excel.
  • Experience developing and documenting security processes, standards, and procedures.
  • Ability to facilitate cross-functional collaboration and drive vulnerability remediation efforts across multiple teams.
  • Experience negotiating remediation plans, exception requests, SLA extensions, and false-positive determinations.
  • Strong project management, organizational, and time-management skills.
  • Ability to manage multiple priorities in a fast-paced environment.
  • Demonstrated attention to detail and commitment to operational excellence.
  • Self-motivated and capable of working independently while maintaining effective communication with stakeholders.
  • Strong interpersonal skills with the ability to build partnerships and influence outcomes across the organization.


Salary Range:
$97,800 - $133,455

This compensation range is specific to the job level and takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to: education, experience, licensure, certifications, geographic location, and internal equity. This range has been created in good faith based on information known to Horizon at the time of posting. Compensation decisions are dependent on the circumstances of each case. Horizon also provides a comprehensive compensation and benefits package which includes:
  • Comprehensive health benefits (Medical/Dental/Vision)
  • Retirement Plans
  • Generous PTO
  • Incentive Plans
  • Wellness Programs
  • Paid Volunteer Time Off
  • Tuition Reimbursement

About Horizon Blue Cross & Blue Shield

Horizon Blue Cross Blue Shield of New Jersey is a health insurance company that provides coverage to individuals and businesses in New Jersey. The company offers a variety of health plans, including HMO, PPO, and EPO plans, as well as Medicare and Medicaid plans. Horizon BCBSNJ also provides wellness programs and resources to help members manage their health. The company is committed to improving the health of the communities it serves and has partnered with local organizations to address health disparities and promote healthy living.
Learn more about Horizon Blue Cross & Blue Shield
Size
5,500 employees
Industry

Similar Jobs

More Jobs at Horizon Blue Cross & Blue Shield

More Information Technology Jobs

Find similar Cybersecurity Threat & Vulnerability Analyst jobs: