Security Threat Analyst

At Zelis, we Get Stuff Done. So, let's get to it!

A Little About Us

Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts - driving real, measurable results for clients.

A Little About You

You bring a unique blend of personality and professional expertise to your work, inspiring others with your passion and dedication. Your career is a testament to your diverse experiences, community involvement, and the valuable lessons you've learned along the way. You are more than just your resume; you are a reflection of your achievements, the knowledge you've gained, and the personal interests that shape who you are.

Position Overview

Your Team & Role

The Cybersecurity Engineer builds, manages, and enhances tools, automations, and data systems that power cyber defense operations. The role involves hands-on work with security technologies, developing workflow efficiencies, supporting detection engineering, ensuring high-quality security data, and mentoring teammates to strengthen overall team capability.

Key Responsibilities

• Innovation:
  Identify capability gaps, propose solutions, and design modern defensive approaches.

• Automation:
  Build or enhance automated workflows to reduce manual effort, improve reliability, and accelerate detection/response.

• Tooling Management:
  Maintain, optimize, and troubleshoot security platforms, custom tools, and log pipelines across the enterprise.

• Enterprise Data Management:
  Oversee the lifecycle of security data-ingestion, transformation, normalization, and quality control across systems.

• Detection Management:
  Support detection engineering through maintenance, testing, and improvement of detection logic, rules, dashboards, and data sources.

• Mentoring:
  Guide junior engineers and analysts on tools, processes, automation practices, and new capabilities.

Here is What You Can Expect on a Typical Day

• Tune, fix, integrate, or enhance security tools.

• Build or update automation scripts/workflows for incident response, threat intelligence, and vulnerability management.

• Maintain data pipelines by validating log sources, troubleshooting gaps, updating parsers, and improving normalization.

• Review and build detection rules/alerts, collaborating with analysts to reduce noise and improve performance.

• Work with IT, cloud, networking, and security teams to deploy solutions or resolve tool issues.

• Write documentation, improve runbooks, and share lessons learned.

• Support teammates through technical guidance and demonstrations.

• Participate in discussions on innovation, process improvement, and future engineering projects.

• Perform additional tasks as assigned.

Qualifications:

• Bachelor of Computer Science, Engineering, Information Security, Information Technology, or 4+ years of equivalent experience.

• 4+ years of enterprise level cybersecurity detection, response, or engineering experience.

• Ability to collaborate across enterprise teams within a cybersecurity context

• Strong oral/written communication skills with experience in cybersecurity technical process documentation.

• Demonstrated passion for cyber defense and commitment to maintaining technical proficiency

• Proven innovation and non-traditional problem solving

• Advanced knowledge of SIEM, SOAR, malware sandboxing and related tools

• Experience building or maintaining automation scripts or workflows (e.g., Python, Power Shell, Bash, APIs).

• Ability to diagnose and solve complex technical issues across tools, data flows, and integrations.

• Experience mentoring or training others on tools, techniques, or processes.

• Strong problem-solving mindset with an interest in improving systems and workflows.

• Understanding of detection logic, threat behaviors, and MITRE ATT&CK.

Preferred qualifications:

• Advanced cybersecurity certifications (e.g., GCFA, GCIA, GNFA, GCTI, GREM, GCIH, GCFA, GPEN, OSCP, etc.).

• Experience with cloud environments (AWS, Azure, GCP) and associated security tooling.

• Advanced Proficiency in scripting and high-level programming languages (Python, Power Shell, bash, etc.)

Please note at this time we are unable to proceed with candidates who require visa sponsorship now or in the future.

Location and Workplace Flexibility

We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote friendly culture, and all our employee's work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company…