Infrastructure Engineering Senior Advisor- Threat and Vulnerability Management at Cigna in Bloomfield, Connecticut

Job Description:

POSITION SUMMARY

Unique opportunity for the ideal candidate with 3+ years' experience in and understanding of Database and Big Data environments with affinity for cybersecurity/vulnerability and risk management. This role resides within the Infrastructure Governance Strategy/Vulnerability Management (IGS/VM) team supporting overall Global Infrastructure teams. We partner and work directly with our Information Protection organization in support of a vast array of infrastructure technology teams all sharing the common goal to continuously improve our security posture through proactive risk assessments, analysis and solutions. The team's mission is to identify system weaknesses with the ultimate purpose of reducing risk in a prioritized manner.

The ideal candidate will identify security issues and drive mitigation prioritization through excellent analytical, engineering, communication, and technical skills, partner with asset owners to ensure the stability of our infrastructure and drive continuous improvement in our patching and lifecycle processes.

This role will be required to display engineering excellence utilizing and maintaining a diverse set of vulnerability assessment tools and techniques. In addition to performing assessments the role requires active participation in the vulnerability management process, collaborating with key stakeholders to drive secure design and solutions.

ESSENTIAL FUNCTIONS

• Partner with Infrastructure Database and Big Data teams to address vulnerabilities discovered during assessments and scans.


• Provide recommendations on opportunities to automate, orchestrate, or otherwise improve established security processes, including detection and assessment of vulnerabilities.


• Enable infrastructure, platform, and application teams to drive a stronger security posture, by leveraging security and vulnerability management tools like ServiceNow SecOps, Tenable, Prisma, Guardium and others such as GSC platforms such as OnSpring.


• Understanding of vulnerability assessments across all layers of the network / host / application / database stack.


• Ability to think like an attacker and partner with key stakeholders to develop defensive controls and hardening configurations.


• Provide vulnerability scanning and remediation guidance, false positive validation, compliance scanning and policy and standard creation.


• Demonstrate strong technical/analytical skills while providing accurate analysis of security-related findings.


• Collaborate with Stakeholders, Tech lead and Team members to discuss the vulnerabilities and risk and implement remediation and/or mitigating controls in an efficient way.


• Report on risk/vulnerability metrics and trending patterns to drive remediation and/or mitigating controls.

• In depth knowledge of vulnerability, configuration management platforms, such as Tenable.SC, Tenable.IO, ServiceNOW SecOps, Prisma, Guardium, Nexpose, Qualys, ForeScout etc.
  
  
  • Strong knowledge and experience with relational, non-relational and big data databases such as Oracle, MongoDB, PostgreSQL, MSSQL, DB2 z/OS, DB2LUW, Teradata, Hadoop, etc.
  
  
  • Experience with automation, scripting, and API integrations.
  
  
  
  


• Understand operational maintenance of production systems, troubleshooting and performance tuning.
  
  
  • Develop and coach team members and peers at different skill levels.
  
  
  • Ability to work in an agile culture and manage time effectively.
  
  
  • Certification in information security (CISSP, OSCP, GWAPT or equivalent) preferred.
  
  
  • Bachelor's degree in computer related field preferred.
  
  
  • 3+ years of relevant working experience; 1+ years of experience focused on cybersecurity, vulnerability/configuration management, risk management, or similar experience.
  
  
  
  

Do you enjoy the challenge of defending an enterprise from security breaches? Come put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of cyber security threats and risks. Our cyber defenders are challenged and trusted with maintaining our secure infrastructure day in and day out, while delivering an enterprise computing environment that is resilient to breaches and disruptions. If you're as passionate about data security as we are and want to be at the center of our noble mission to make healthcare safer and more affordable, explore our opportunities.

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

For this position, we anticipate offering an annual salary of 120,100 - 200,100 USD / yearly, depending on relevant factors, including experience and geographic location.

This role is also anticipated to be eligible to participate in an annual bonus plan.

We want you to be healthy, balanced, and feel secure. That's why you'll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you'll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k) with company match, company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year and paid holidays. For more details on our employee benefits programs, visit Life at Cigna Group .

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we're dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.

Qualified applicants with criminal histories will be considered for employment in a manner
consistent with all federal, state and local ordinances.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.