Why should you join the BlueCross BlueShield of South Carolina family of companies? Other companies come and go, but for more than seven decades we’ve been part of the national landscape, with our roots firmly embedded in the South Carolina community. Business and political climates may change, but we’re stronger than ever. Our A.M. Best rating is A+ (Superior) — making us the only health insurance company in South Carolina with that rating. We’re the largest insurance company in South Carolina …and much more. We are one of the nation’s leading administrators of government contracts. We operate one of the most sophisticated data processing centers in the Southeast. We also have a diverse family of subsidiary companies that allows us to build on a variety of business strengths. We deliver outstanding service to our customers. If you are dedicated to the same philosophy, consider joining our team!

Job Title: Senior Analyst, Cyber Security

Position Notes:

• Partial Onsite (Tuesday Wednesday Thursday and as needed) is highly preferred. 
• Will look at remote candidates if cannot find local.
• Team Name: Cyber Threat Intelligence Team.
• Work Hours: The CTI team has members that work 8-hour days between 7 am and 7 pm. (8 am - 5 pm is the standard but flexibility is available). 
• Schedule will be agreed upon between the employee and management. 
• The majority of work is done during regular business hours. Some testing may be required after hours and must be willing to work late if needed. This will be scheduled ahead of time by the assessment team.

Required Technologies:

• Burp Suite Professional – for web application interception, manipulation, and automated scanning.
• OWASP Top 10 knowledge and exploitation techniques – including injection, XSS, IDOR, and authentication flaws.
• API Security Testing - strong understanding and experience testing APIs using tools such as Postman, Swagger UI, ReadAPI, including RESTful and GraphQL endpoints.
• Experience with SAST and DAST tools – demonstrate hands-on experience using SAST and DAST tools

Nice To Haves:

Experience testing modern client-side frameworks like React, Angular, or Vue.js.
Cloud platform security testing (AWS, Azure) including IAM misconfigurations and serverless apps.
Familiarity with CI/CD pipeline security and DevSecOps integration.

Day to Day:

• A typical day in this role involves conducting deep-dive web application and API penetration tests, leveraging tools such as Burp Suite and custom scripts. 
• Will work closely with application owners and dev teams, scheduling and leading engagements, gathering application details, define testing scope, and manage assessment timelines. 
• The tester will review application architecture, identify vulnerabilities via manual and automated techniques, and document technical findings with clear remediation guidance.  
• Time will also be spent validating previously reported issues, refining testing methodologies aligned to OWASP and industry standards, and collaborating with developers or stakeholders to walk through security concerns. 
• They may also be involved in tuning testing platforms and integrating security checks into development pipelines where applicable. 
• The role also involves contributing to any necessary internal and reporting documentation.

Soft Skills:

• Clear communication – to effectively explain technical issues to both developers and non-technical stakeholders.
• Leadership and initiative – the candidate will help shape and scale the program and must confidently lead efforts.
• Adaptability – essential when navigating diverse application stacks and shifting project priorities.
• Collaboration – ability to work with various teams across development, security, and management.
• Documentation and reporting – must produce concise, accurate, and actionable findings that support remediation.

Duties:

• Performs daily monitoring and review of security events that are escalated by junior analysts. Keeps up with the cyber threat landscape in order to rapidly identify potential threats. 
• Performs security assessments such as penetration testing, vulnerability scanning and advanced threat hunting. •40% Plans and performs security assessments such as penetration testing, vulnerability scanning and advanced threat hunting. 
• Anticipates and mitigates potential attacks through enterprise connections to ensure the security of the system (s). Exploits weaknesses detected in systems to assess and prevent potential break-ins. Analyzes business impact and exposure based on security threats, vulnerabilities, and risks. Keeps up with the cyber threat landscape in order to rapidly identify potential threats. Ensures security tools are properly tuned to identify and contain cyber-attacks before they happen.
• 20% Develops and implements enterprise information security architectures and solutions. Research, designs, and advocates new technologies, infrastructure, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Identifies, plans and implements security tools.
• 20% Performs daily monitoring and review of security events that are escalated by junior analysts. Provides security technical guidance to junior analysts. Performs investigations as needed and responses to potential incidents rapidly and accurately.
• 10% Research new security/cyber intelligence and keeps up with the cyber threat landscape in order to rapidly identify potential threats. Ensures security tools are properly tuned to identify and contain cyber-attacks before they happen.
• 5% Evaluates and recommends procedures and processes for the prevention, detection, containment and correction of information security breaches. Advises management and users regarding security procedures.
• 5% Monitors security agencies and services in order to keep apprised of current security threats and concerns. Evaluates products and/or procedures to enhance productivity and effectiveness of information security across the organization. 

Required Skills and Abilities: 

• Strong analytical, data gathering and problem-solving skills with experience analyzing network attacks. 
• Understanding of system and network security, incident management, intrusion detection, log analysis, and related technologies. 
• Creativity to recognize and address new threats and security challenges as they arise. 
• Strong knowledge of enterprise data architecture, systems engineering and data communications as applied to the automated storage and retrieval of information, using multiple platforms and protocols with the inherent security risks of each. 
• Ability to effectively prioritize and execute tasks in a high-pressure environment. Comprehensive understanding of the organization’s goals and objectives. Expertise with threat analysis risk management, configuration management, business continuity and contingency planning. 
• Advanced knowledge of administrative, procedural and technical controls used to reduce security risks. 
• Ability to troubleshoot multi-vendor Security issues. 
• Strong organizational, interpersonal and oral communication skills. Advanced proficiency in network troubleshooting, diagnostic root cause analysis. Excellent analytical and problem-solving abilities. 
• Required Software and Other Tools: Advanced proficiency with applicable IT Security tools (software and hardware). Microsoft Office. 
• Work Environment: Fast paced, multi-platformed environment which may require action and response 24X7 to support the technical business needs of the customer. 

Required Education: 

• Bachelor's degree in computer science, Information Technology or other job-related degree. or 4 years of job-related work experience or 2 years of job-related experience plus an associate’s degree in computer science, Information Technology or other job-related degree. 
• Required Work Experience: 8 years of job-related technical experience. Preferred Work Experience: Strong incident response experience in a medium to large sized enterprise. Experience interpreting and acting on cyber threat intelligence. Preferred Licenses and Certificates: CISA, CISM, CISSP.

This is the pay range that Magnit reasonably expects to pay someone for this position is $49.41/hour - $65.88/hour. Benefits: Medical, Dental, Vision, 401K (provided minimum eligibility hours are met).

BlueCross is a strong supporter of our veterans, and many service men and women have joined our ranks. We’ve found the dedication, work ethic and job skills that serve well in the military excel in many of our lines of business, and we proudly have veterans filling positions in Human Resources, Information Technology, Customer Service, Operations, General Services and more. 

Through our government contracts, we also have employees serving at Shaw Air Force Base, the Naval Health Clinic in Charleston, the Naval Hospital in Beaufort and in our hometown of Columbia, S.C., at Ft. Jackson. If you are a full-time employee in the National Guard or Reserves, we will even cover the difference in your pay if you are called to active duty. If you're ready to join in a diverse company with secure, community roots and an innovative future, apply for a position now!