Senior Cybersecurity Analyst (Remote)

Company: CareFirst, Inc.
Location: Baltimore
Posted on: March 22, 2025

Job Description:

PURPOSE:To ensure the organization's data remains protected from inappropriate access, disclosure and/or damage. To advocate for and execute the processes and practices of the Cybersecurity team while supporting business and customer needs.CareFirst is looking for a Senior Threat Intelligence Analyst to produce high-quality cyber threat intelligence, with a focus on the activity, trends, and motivations of nation-state-aligned cyber threat actors (referred to as Advanced Persistent Threat (APT) groups). The analyst will be responsible for responding to intelligence requests, tracking APT group activities, and developing intelligence reports tailored to CareFirst's threat landscape.This role requires expertise in APT profiling, geopolitical cyber threats, threat modeling, and automation of intelligence collection and enrichment. The analyst will also support CareFirst Threat Intelligence Service (CTIS), ensuring timely and actionable intelligence dissemination to protect CareFirst and its subsidiaries/partners.ESSENTIAL FUNCTIONS:

• Conduct in-depth analysis of APT group activities, including their motivations, TTPs, attack vectors, and geopolitical drivers. Suggest improvement initiatives through research of cybersecurity policies, indicators, and protocols.
• Engage with internal and external stakeholders throughout the report lifecycle.
• Initial scoping of intelligence requests.
• Delivery of finished intelligence products.
• Follow-up support and impact assessment.
• Collaborate with threat hunting, SOC, and incident response teams to operationalize intelligence findings.
• Participate in Quarterly, Monthly and bi-weekly intelligence briefings for CareFirst and BCBS plans.
• Monitor, analyze, and report on APT campaigns originating from the Big 4 (Russia, China, North Korea, and Iran). Develop threat actor profiles, tracking nation-state tactics and malware trends. Suggest / Enhance company-wide security best practices.
• Develop automated threat research methodologies to streamline analysis.
• Enhance threat intelligence enrichment via Threat Intelligence Platform (ThreatQuotient), Recorded Future, Cyble, SIEM, and EDR.
• Improve intelligence dissemination workflows, ensuring seamless integration with security controls.
• Cross-Functional Research & Partner Collaboration.
• Contribute APT insights to broader cyber intelligence initiatives.
• Work with external partners, ISACs, and industry threat-sharing groups (e.g., BlueIntel, H-ISAC, CISA, FBI and others).
• Support the CareFirst Threat Intelligence Service (CTIS) by providing intelligence tailored to participating subsidiaries, BCBS plans and other companies.
• Produce and review finished intelligence reports aligned with CareFirst's intelligence priorities. Remain up to date on Information Security trends and emergent threats.
• Research emerging information security threats, vulnerabilities, and their countermeasures.
• Assess, plan, and execute security measures in a layered approach to protect the organization.QUALIFICATIONS:Education Level: Bachelor's Degree, Computer Science, Information Technology, or related field OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.Experience: 5 years related experience. 5+ years of experience as a threat intelligence analyst, incident responder, or cyber investigator (Preferred) or cybersecurity certification and 3 years related experience.Preferred Qualifications:Proven ability to conduct technical threat analysis and research on cyber threats, malware, and geopolitical risks.Strong understanding of TCP/IP, networking protocols, and network traffic analysis techniques.Expertise in at least one APT group, including past activities, TTPs, and motivations.Experience using common CTI research and data analysis tools, such as:
  • ELK Stack (ElasticSearch, Kibana), Maltego, Shodan, DomainTools
  • ThreatQuotient (ThreatQ), Cyble, MISP, VirusTotalAbility to manage intelligence requests, balancing scope, depth, and delivery timeframes.Strong written communication skills, with the ability to produce detailed reports and assessments.Experience applying MITRE TT&CK, Diamond Model, and Cyber Kill Chain frameworks to intelligence reporting.Experience working with clients to define intelligence requirements and align research with business needs.Demonstrable experience in cyber threat investigations, including APT attribution, malware analysis, or threat hunting.Experience integrating threat intelligence into security operations, SOC workflows, and IR processes.Certifications (Preferred): GCTI, CTIA, CISSP, OSCP, CEH, SANS FOR578.Salary Range: $89,496 - $177,749Travel Requirements: Estimate Amount: 10%Salary Range DisclaimerThe disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the work is being performed. This compensation range is specific and considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, internal peer equity, and market and business consideration. It is not typical for an individual to be hired at the top of the range, as compensation decisions depend on each case's facts and circumstances, including but not limited to experience, internal equity, and location. In addition to your compensation, CareFirst offers a comprehensive benefits package, various incentive programs/plans, and 401k contribution programs/plans (all benefits/incentives are subject to eligibility requirements).CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.PHYSICAL DEMANDS:The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.Sponsorship in US: Must be eligible to work in the U.S. without Sponsorship.
    #J-18808-Ljbffr

Keywords: CareFirst, Inc., Baltimore , Senior Cybersecurity Analyst (Remote), Professions , Baltimore, Maryland