Threat & Vulnerability Analyst II

Newark, NJ, United States

Horizon Blue Cross Blue Shield of New Jersey

Horizon BCBSNJ offers affordable New Jersey healthcare and health insurance for individuals, families and employers. Find cheap NJ health insurance quotes online from Horizon BCBSNJ website, an independent licensee of the BCBS Association.


Horizon Blue Cross Blue Shield of New Jersey empowers our members to achieve their best health.  For over 90 years, we have been New Jersey’s health solutions leader driving innovations that improve health care quality, affordability, and member experience.  Our members are our neighbors, our friends, and our families.  It is this understanding that drives us to better serve and care for the 3.5 million people who place their trust in us. We pride ourselves on our best-in-class employees and strive to maintain an innovative and inclusive environment that allows them to thrive. When our employees bring their best and succeed, the Company succeeds. 

The Threat and Vulnerability Analyst works with the Information Technology Division to develop and modify processes that identify and remediate vulnerabilities in Horizon's technical environment. The TVM Analyst II actively scans the Enterprise environment both internally and externally, creates standards, and handles false positives and exceptions. In addition, the TVM Analyst will work to create long-term solutions to potential threats to our environment. The incumbent will stay current on industry standards, evaluating trends, and reporting back to senior management regarding activity that needs resolution.

Responsibilities:

  • Develop and enhance scanning strategies to ensure complete coverage of Horizon's entire networked environment.
  • Partner with senior leaders within the IT Division to categorize vulnerabilities based on severity and risk for exploitation, and to categorize assets by criticality.
  • Partner with the IT Division to establish SLAs for the remediation of vulnerabilities based on the severity of the vulnerability and the criticality of the asset.
  • Partner with the IT Division to track vulnerability remediation.
  • Collaborate with IT leadership regarding false positive determination and exceptions processes.
  • Converse with Senior Management at all levels as to the current state of risk posed by vulnerabilities in the Horizon environment and the proposed remediation of those vulnerabilities.
  • Create, maintain and present weekly and monthly metrics, to various audiences.
  • Create and modify processes/procedures as needed, such as those supporting vulnerability remediation and the processing of threat intelligence.
  • Ensure appropriate controls are being executed and policies/standards are enforced to satisfy Audit requirements.
  • Assist in building a threat hunting program by developing and documenting threat and response scenarios and use cases

Education/Experience:

  • High School Diploma/GED required
  • Bachelor's degree preferred, or relevant experience in lieu of degree
  • Minimum 5 years IT Security experience (3 years of the 5 detecting and remediating vulnerabilities)

Additional licensing, certifications, registrations:

  • Requires one or more industry certifications: CISSP, GCTI or similar industry certification

Knowledge:

  • Knowledge of how to employ various security methodologies (Cyber-Kill-Chain, Defense-in-Depth, etc) in a security program.
  • Knowledge of Patch Management and Vulnerability Management, and the difference in processes needed to remediate vulnerabilities
  • A deep understanding of IOCs, threat hunting, and APTs, cyber-crime and associated tools, tactics and procedures
  • Excellent knowledge of IT and computer systems.
  • Experience working with operating systems (Windows, *Nix, and Mac)
  • Experience working with a vulnerability scanning application (Nexpose, Nessus, Qualys).


Skills and Abilities:

  • Experience working with IT teams to prioritize both vulnerabilities and systems so that the most critical vulnerabilities are removed from the most critical systems in a short time span, including:
      • Identifying the most critical systems
      • Classifying vulnerabilities by CVSS score
  • Experience preparing & presenting metrics to all levels in an organization, including:
      • The use of various visualization techniques, and understanding where/when appropriate
      • The appropriate level of detail for the intended audience
      • The use of tools, such as MS-PowerPoint, Visio, etc.
  • Experience in developing and modifying security policies, standards and processes
      • Defining the need for a new/changed process
      • Documenting the process flow using a tool such as Visio
      • Working with other teams to implement
      • Establishing SLAs to determine effectiveness.
  • Experience identifying system vulnerabilities and working with appropriate teams to remediate them.
  • Experience defining Operating System Baseline Configuration standards, including:
      • Mapping to standards such as the Center for Internet Security (CIS) Critical Security Controls
      • Scanning, and working with appropriate teams to remediate.
  • Experience working with Internal and External Auditors to ensure that documented controls, policies, and standards are being adhered to
  • Experience utilizing various threat intelligence collection and reporting applications and sources such as ThreatStream, NH-ISAC, NJCCIC
  • Experience negotiating with teams regarding operational processes and procedures, including false positives, remediation exceptions, SLA extensions, etc.
  • Ability to work in a large corporate environment as well as some experience analyzing emerging threats and emerging risks is important.
  • Requires exceptional analytical thinking skills or analytical and problem-solving skills
  • Requires excellent verbal and written communication skills
  • Requires excellent interpersonal skills and the ability to work effectively with others as a team
  • Requires excellent PC skills and demonstrated proficiency with MS Office Suite
  • Requires the ability to handle multiple tasks and prioritize effectively
  • Detail oriented and excellent organizational, time and stress management skills
  • Ability to work well individually as well as in a team environment
  • Self-starter with demonstrated ability to make decisions as necessary, escalating when appropriate, and ensuring that there is communication to all teams

Horizon BCBSNJ employees must live in New Jersey, New York, Pennsylvania, Connecticut or Delaware

Salary Range:

$96,300 - $131,565

This compensation range is specific to the job level and takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to: education, experience, licensure, certifications, geographic location, and internal equity.  This range has been created in good faith based on information known to Horizon at the time of posting.  Compensation decisions are dependent on the circumstances of each case. Horizon also provides a comprehensive compensation and benefits package which includes:

  • Comprehensive health benefits (Medical/Dental/Vision)

  • Retirement Plans

  • Generous PTO

  • Incentive Plans

  • Wellness Programs

  • Paid Volunteer Time Off

  • Tuition Reimbursement

Disclaimer:
This job summary has been designed to indicate the general nature and level of work performed by colleagues within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of colleagues assigned to this job.

Horizon Blue Cross Blue Shield of New Jersey is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or status as an individual with a disability and any other protected class as required by federal, state or local law.  Horizon will consider reasonable accommodation requests as part of the recruiting and hiring process.


Tags: CISSP CVSS GCTI Nessus Qualys SLAs Threat intelligence Vulnerabilities Vulnerability management Windows

Perks/benefits: Equity / stock options Health care Wellness

Region: North America
Country: United States
