Horizon Blue Cross Blue Shield of New Jersey empowers our members to achieve their best health. For over 90 years, we have been New Jersey's health solutions leader driving innovations that improve health care quality, affordability, and member experience. Our members are our neighbors, our friends, and our families. It is this understanding that drives us to better serve and care for the 3.5 million people who place their trust in us. We pride ourselves on our best-in-class employees and strive to maintain an innovative and inclusive environment that allows them to thrive. When our employees bring their best and succeed, the Company succeeds.The Threat and Vulnerability Analyst works with the Information Technology Division to develop and modify processes that identify and remediate vulnerabilities in Horizons technical environment. The TVM Analyst II is actively scanning the Enterprise environment both internally and externally, create standards, and handle false positives and exceptions. In addition, the TVM Analyst will work to create long term solutions to potential threats to our environment. The incumbent will stay current on industry standards, evaluating trends, and reporting back to senior management regarding activity that needs resolution. Responsibilities: - Develop and enhance scanning strategies to ensure complete coverage of Horizons entire networked environment.- Partner with senior leaders within the IT Division to categorize vulnerabilities based on severity and risk for exploitation, and to categorize assets by criticality.- Partner with the IT Division to establish SLAs for the remediation of vulnerabilities based on the severity of the vulnerability and the criticality of the asset.- Partner with the IT Division to track vulnerability remediation.- Collaborate with IT leadership regarding false positive determination and exceptions processes- Converse with Senior Management at all levels as to the current state of risk posed by vulnerabilities in the Horizon environment and the proposed remediation of those vulnerabilities..- Create, maintain and present weekly and monthly metrics, to various audiences.- Create and modify processes/procedures as needed, such as those supporting vulnerability remediation and the processing of threat intelligence.- Ensure appropriate controls are being executed and policies/standards are enforced to satisfy Audit requirements.- Assist in building a threat hunting program by developing and documenting threat and response scenarios and use cases Education/Experience: - High School Diploma/GED required- Bachelor degree preferred or relevant experience in lieu of degree- Minimum 5 years IT Security experience (3yrs of the 5 detecting and remediating vulnerabilities) Additional licensing, certifications, registrations: - Requires one or more industry certifications: CISSP, GCTI or similar industry certification Knowledge: - Knowledge of how to employ various security methodologies (Cyber-Kill-Chain, Defense-in-Depth, etc) in a security program.- Knowledge of Patch Management and Vulnerability Management, and the difference in processes needed to remediate vulnerabilities- A deep understanding of IOCs, threat hunting, and APTs, cyber-crime and associated tools, tactics and procedures- Excellent knowledge of IT and computer systems.- Experience working with operating systems (Windows, *Nix, and Mac)- Experience working with a vulnerability scanning application (Nexpose, Nessus, Qualys). Skills and Abilities: Experience working with IT teams to prioritize both vulnerabilities and systems so that the most critical vulnerabilities are removed from the most critical systems in a short time span, including:- Identifying the most critical systems- Classifying vulnerabilities by CVSS score- Experience preparing & presenting metrics to all levels in an organization, including:- The use of various visualization techniques, and
CLZUU DOMUU SK111 SK222 SK333 SK444 SK555 SK666
