Job Description

About EvernorthEvernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.Job Posting Title: Information Protection Senior Analyst, Application Security and Remediation Advisor. Summary:The Information Protection Senior Analyst Application Security Testing, is responsible for conducting automated vulnerability assessments, assisting with penetration tests, tracking and remediation of findings, coordination of application security services to support internal customers. Coach and support customers on how to resolve security risks with best practices. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cignas systems, using both manual and automated methods.About Cigna:Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we dont just care about your wellbeing, we care about your career health too. Thats why, when you work with us, you can count on a different kind of career youll make a difference, learn a ton, and share in changing the way people think about healthcare.Responsibilities:

• Assist with internal and external penetration tests against corporate web applications, APIs, networks, infrastructure, and operating systems to discover vulnerabilities. Assist with tracking and remediation of vulnerability findings.
• Perform Application and web-based scanning for vulnerabilities, create reports and assist stakeholders with information.
• Help Coordinate security meetings for APAC region for Penetration testing and Application Security.
• Execute mobile application security testing for both Android and iOS based devices.
• Create comprehensive and accurate security reports with recommendations for appropriate remediation and communicate risk findings with development and infrastructure teams.
• Develop scripts, tools, or methodologies to enhance Cignas penetration testing processes.
• Work as part of a team to identify risks, communicate to key stakeholders, and provide value to the organization.

• Demonstrated ability to work as both an individual contributor and a team player in a fast paced environment.
• Coordinate with people and teams to forecast activity completion and the ability to work in a team environment, sharing workloads and responsibilities.
• Knowledge of Windows and *nix-based operating systems.
• Understanding of core Internet protocols (e.g. TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model.
• Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.).
• Understanding of Cloud environments such as SaaS, PaaS and IaaS.
• Understanding of OWASP.
• Basic exploit development and validation skills.
• Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.).
• Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.)
• Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET).
• Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments.
• Knowledge of networking fundamentals and common attacks.
• Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell.)
• Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C).
• Ability to analyze vulnerabilities and misconfigurations, appropriately characterize threats, and provide remediation recommendations.

• High School diploma; Bachelor\'s degree preferred.
• 4 years or more of penetration testing or application security experience.
• Passionate about security and finding new ways to break into systems, as well as defend them.
• Strong analytical and problem solving skills, with the ability to think outside the box.
• Ability to work in a flexible environment where requirements and procedures continuously evolve.
• Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences.

Evernorth