Cyber Security Advisor

Cyber Security Associate Advisor - HIH - Evernorth

Job Description Summary:

Provides counsel and advice to top management on significant Information Protection matters,

often requiring coordination between organizations. Viewed as an expert in a specific aspect of

information security. Undertakes complex projects requiring additional specialized technical

knowledge. Makes well-thought-out decisions on complex or ambiguous information security

issues. Provides architectural oversight and direction for enterprise-wide security technology.

Ensures high-level integration of application development with information security policies and

strategies. Stays up-to-date on the direction of emerging industry standards. Identifies,

evaluates, conducts, schedules and leads technical analyses functions to ensure all applicable

IS security requirements are met. Provides technical analysis of requirements necessary for the

protection of all information processed, stored, or transmitted by systems. Coordinates with

users to determine requirements. Conducts security reviews of external service providers and

outsourcing vendors and systems reviews to ensure appropriate security implementation.

Focuses on providing thought leadership and technical expertise across multiple disciplines.

Recognized internally as the go-to person for the most complex Information Protection

assignments.

Job Description

Position Summary :

The Cyber Security Advisor - Penetration Testing is responsible for conducting

vulnerability assessments, threat modeling, penetration tests, and red team campaigns of

Cigna s IT infrastructure and applications. This role will work closely with the Information

Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna s

As a member of the Cyber Security Incident Response Team, this role will provide second and

third level incident response services to the global Cigna enterprise to address Cyber Security

threats to the enterprise. Daily activities will include analysis of logs, memory and disc artifacts

and the use of a variety of commercial and open source security tools to respond to and triage

threats in global enterprise. This role will focus on Threat Hunting and Incident Response

capabilities within Cloud Service Provider environments.

About Cigna

Cigna is a global health service company dedicated to helping the people we serve improve

their health, well-being, and peace of mind. But we don t just care about your well -being, we

care about your career health too. That s why when you work with us, you can count on a

different kind of career - you ll make a difference, learn a ton and share in changing the way

people think about healthcare.

Responsibilities :

Lead and execute internal and external penetration tests against corporate web

applications, APIs, networks, Windows and Unix variants to discover vulnerabilities

Lead and execute mobile application penetration tests for both Android and iOS based

devices

Create comprehensive and accurate penetration testing reports with recommendations for

appropriate remediation

Develop scripts, tools or methodologies to enhance Cigna s penetration testing processes

Experience in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan,

WebInspect, Cenzic, etc.)

Experience with network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto,

etc.)

Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE,

PHP, ASP.NET)

Strong experience in manual and automated techniques for penetration testing and

executing vulnerability assessments

Knowledge of Windows and *nix-based operating systems

Knowledge of networking fundamentals and common attacks

Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell)

Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift,

Objective C)

Exploit development and validation skills

Ability to analyze vulnerabilities, appropriately characterize threats, and provide remediation

recommendations

Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec)

Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations,

AES, etc.)

Demonstrated ability to coordinate people and lead teams to project/activity completion and

the ability to work in a team environment, sharing workloads and responsibilities

Qualifications :

High School diploma; Bachelors degree preferred

years or more of penetration testing experience

One or more professional certifications such as OSCP, OSCE, GWAPT, GSEC, GPEN,

GXPN

Passionate about security and finding new ways to break into systems as well as defend

them

Strong analytical and problem solving skills with the ability to think outside the box

Ability to work in a flexible environment where requirements and procedures continuously

evolve

Strong oral and written communication skills, including a demonstrated ability to prepare

documentation and presentations for technical and non-technical audiences

About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.