Information Protection Lead Analyst – Penetration Testing

The Information Protection Advisor – Penetration Testing, is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of Cigna’s IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna’s systems, using both manual and automated methods.

About Cigna

Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well–being, we care about your career health too. That’s why, when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton, and share in changing the way people think about healthcare. 

How you’ll make a difference:

• Execute internal and external penetration tests against corporate web applications, APIs, networks, infrastructure and operating systems in order to discover vulnerabilities.
• Execute mobile application penetration tests for both Android and iOS based devices.
• Execute penetration tests in cloud-hosted environments.
• Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation, and communicate risk findings with development and infrastructure teams.
• Develop scripts, tools, or methodologies to enhance Cigna’s penetration testing processes.
• Work as part of a team to identify risks, communicate to key stakeholders, and provide value to the organization.

What you should have:

• Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment.
• Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities.
• Knowledge of Windows and *nix-based operating systems.
• Understanding of core Internet protocols (e.g. TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model.
• Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.).
• Understanding of Cloud environments such as SaaS, PaaS and IaaS.
• Basic exploit development and validation skills.
• Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.).
• Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.)
• Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET).
• Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments.
• Knowledge of networking fundamentals and common attacks.
• Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell.) 
• Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C).
• Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations.

Qualifications

• High School diploma; Bachelor’s degree preferred.
• 3 years or more of penetration testing experience.
• Passionate about security and finding new ways to break into systems, as well as defend them.
• Strong analytical and problem solving skills, with the ability to “think outside the box”.
• Ability to work in a flexible environment where requirements and procedures continuously evolve.
• Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.

If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

For this position, we anticipate offering an annual salary of 83,600 – 139,400 USD / yearly, depending on relevant factors, including experience and geographic location.

This role is also anticipated to be eligible to participate in an annual bonus plan.

We want you to be healthy, balanced, and feel secure. That’s why you’ll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k) with company match, company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year and paid holidays. For more details on our employee benefits programs, visit Life at Cigna Group.

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we’re dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: [email protected] for support. Do not email [email protected] for an update on your application or to provide your resume as you will not receive a response.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.