Cyber Security Lead Analyst

Cyber Security Lead Analyst - HIH - Evernorth

Position Summary:

Cigna Information Protection is looking for a Lead Analyst, Incident Response (IR).  The Incident Response Lead Analyst is responsible for handling and coordinating lower severity cybersecurity incidents as part of a 24x7 operation. The IR Lead Analyst acts as a supporting role to the major incident management process in the event of High or Critical Severity cybersecurity incidents. The IR Lead Analyst also acts as a point of escalation to lower tier analysts and provides mentorship.

Job Description & Responsibilities:

• Monitor and respond to security alerts generated by the Managed Security Service Provider (MSSP), Cigna's SIEM and/or SOAR platforms.
• Analyze, document, and communicate security events based on priority given by MSSP or SOC Team Lead and according to SOC protocol.
• Provide escalation support for security events from SOC Analysts.
• Participate in CSIRT functions supporting investigative requests and/or to assist with the development of containment/mitigation strategies.
• Perform host and network-based log analysis to identify potentially infected hosts and escalate to appropriate team according to SOC protocol.
• Correlate IOCs with data from information security systems/tooling to identify attacks and/or potentially compromised systems and escalate to appropriate team according to SOC protocol.
• Collaborate with Cigna's Threat Intelligence, Threat Hunt, and Adversary Simulation teams to refine and/or improve threat detections and/or security controls and configurations for security monitoring systems.
• Contribute to the evaluation, testing, and implementation of new detections, security tools and processes.
• Develop and maintain documentation for all assigned responsibilities.  Develop and report on trends and provide focus and situational awareness on all issues to SOC leadership.
• Required to perform duties outside of normal work hours based on business needs.
• Working in a shift is required for this role and you will be allocated to one of the following:

Morning Shifts (06:00am-03:30pm)

• Shift A: Tuesday -> Saturday
• Shift B:  Sunday -> Thursday

General Shifts (11:30am-8:30pm):

• Shift C: Tuesday -> Saturday
• Shift D:  Sunday -> Thursday

Experience Required:

• Overall, 5-8 years of I.T. and/or information security experience.
• Minimum 1-3 years of experience detecting and responding to cyber intrusions.
• Experience leveraging the Cyber Kill Chain and MITRE Attack Framework.
• Experience using IR tools such as Splunk, Tanium, Volatility, Encase, FTK, SIFT, REMnux, etc.
• Deep understanding of the cyber threat landscape, attack surfaces, and threats associated with each.  
• Deep understanding of enterprise security controls in Active Directory/Windows and UNIX environments.
• Knowledgeable and experienced with Cloud security concepts and tooling.

Experience Desired:

• Automating and/or scripting ability in one or more of the following: Python, Perl, Bash and/or Powershell.
• Experience de-obfuscating potentially malicious content.
• Experience doing static and dynamic malware analysis.

Education and Training Required:

• A degree (bachelor's degree preferred) from an accredited college and four years of satisfactory full-time experience required by the position; OR
• Education and / or experience which is equivalent to the above
• Relevant certifications such as Security+, CEH, CASP or similar

Primary Skills:

• Ability to conduct memory and disk forensics, network traffic analysis, log correlations in support of Incident Response investigations.
• Thorough knowledge of operating systems, networking, and host analysis.
• Detailed understanding of attacker tactics, tools, and techniques.
• Strong communication skills, both written and oral.
• Strong analytical and investigative mindset

Additional Skills:

• Ability to successfully interface with internal clients.
• Ability to document and explain technical details in a concise, understandable manner.
• Ability to manage and balance own time among multiple tasks, lead junior staff when required, and to work independently and as part of a team.

About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.