Information Protection Advisor

Information Protection Advisor - HIH - Evernorth Information Protection Advisor Penetration Testing Summary Provides counsel and advice to top management on significant Information Protection matters often requiring coordination between organizations Viewed as an expert in a specific aspect of information security Undertakes complex projects requiring additional specialized technical knowledge Makes well-thought-out decisions on complex or ambiguous information security issues Provides architectural oversight and direction for enterprise-wide security technology Ensures high-level integration of application development with information security policies and strategies Stays up-to-date on the direction of emerging industry standards Identifies evaluates conducts schedules and leads technical analyses functions to ensure all applicable IS security requirements are met Provides technical analysis of requirements necessary for the protection of all information processed stored or transmitted by systems Coordinates with users to determine requirements Conducts security reviews of external service providers and outsourcing vendors and systems reviews to ensure appropriate security implementation Focuses on providing thought leadership and technical expertise across multiple disciplines Recognized internally as the go-to person for the most complex Information Protection assignments Position Summary The Information Protection Sr Advisor - Penetration Testing is responsible for conducting vulnerability assessments threat modeling penetration tests and red team campaigns of Cigna s IT infrastructure and applications This role will work closely with the Information Protection Senior Manager to identify evaluate and remediate potential weaknesses in Cigna s systems using both manual and automated methods As a member of the Cyber Security Incident Response Team this role will provide second and third level incident response services to the global Cigna enterprise to address Cyber Security threats to the enterprise Daily activities will include analysis of logs memory and disc artifacts and the use of a variety of commercial and open source security tools to respond to and triage threats in global enterprise This role will focus on Threat Hunting and Incident Response capabilities within Cloud Service Provider environments About Cigna Cigna is a global health service company dedicated to helping the people we serve improve their health well-being and peace of mind But we don t just care about your well -being we care about your career health too That s why when you work with us you can count on a different kind of career - you ll make a difference learn a ton and share in changing the way people think about healthcare Responsibilities Lead and execute internal and external penetration tests against corporate web applications APIs networks Windows and Unix variants to discover vulnerabilities Lead and execute mobile application penetration tests for both Android and iOS based devices Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation Develop scripts tools or methodologies to enhance Cigna s penetration testing processes Experience in application vulnerability assessment tools e g Burp Checkmarx AppScan WebInspect Cenzic etc Experience with network and server assessment tools e g Nessus metasploit nmap nikto etc Understanding of web application frameworks React Springboot Ruby on Rails J2EE PHP ASP NET Strong experience in manual and automated techniques for penetration testing and executing vulnerability assessments Knowledge of Windows and nix-based operating systems Knowledge of networking fundamentals and common attacks Coding scripting experience in modern scripting languages e g Python Ruby PowerShell Mobile application coding experience with Android iOS based platforms e g Java Swift Objective C Exploit development and validation skills Ability to analyze vulnerabilities appropriately characterize threats and provide remediation recommendations Understanding of core Internet protocols e g DNS HTTP TCP UDP TLS IPsec Understanding of encryption fundamentals symmetric asymmetric ECB CBC operations AES etc Demonstrated ability to coordinate people and lead teams to project activity completion and the ability to work in a team environment sharing workloads and responsibilities Qualifications High School diploma Bachelor s degree preferred 11-13 years or more of penetration testing experience One or more professional certifications such as OSCP OSCE GWAPT GSEC GPEN GXPN Passionate about security and finding new ways to break into systems as well as defend them Strong analytical and problem solving skills with the ability to think outside the box Ability to work in a flexible environment where requirements and procedures continuously evolve Strong oral and written communication skills including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences About Evernorth Health Services Evernorth Health Services a division of The Cigna Group creates pharmacy care and benefit solutions to improve health and increase vitality We relentlessly innovate to make the prediction prevention and treatment of illness and disease more accessible to millions of people Join us in driving growth and improving lives