Information Protection Advisor - Penetration Testing at Cigna in Memphis, Tennessee

Job Description:

Information Protection Advisor - Penetration Testing

Provides expert content/professional leadership on complex Information Protection assignments/projects. Viewed as an expert in a specific aspect of information security. Undertakes specific projects requiring additional specialized technical knowledge. Makes well-thought-out decisions on complex information security issues. Identifies, evaluates, conducts, schedules and leads technical analyses functions to ensure all applicable IS security requirements are met. Provides technical analysis of requirements necessary for the protection of all information processed, stored, or transmitted by systems. Coordinates with users to determine requirements. May conduct security reviews of external service providers and outsourcing vendors and systems reviews to ensure appropriate security implementation. Exercises considerable creativity, foresight, and judgment in conceiving, planning, and delivering initiatives. Uses deep professional knowledge and acumen to advise functional leaders. Focuses on providing thought leadership within Information Protection but works on broader projects, which require understanding of wider business. Recognized internally as a subject matter expert.

The Information Protection Advisor - Penetration Testing is responsible for conducting vulnerability assessments, threat modeling, penetration tests, and red team campaigns of Cigna's IT infrastructure and applications. This role will work closely with the Information Protection Senior Manager to identify, evaluate, and remediate potential weaknesses in Cigna's systems using both manual and automated methods.

About Cigna

Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don't just care about your well -being, we care about your career health too. That's why when you work with us, you can count on a different kind of career - you'll make a difference, learn a ton and share in changing the way people think about healthcare.

How you'll make a difference:

• Execute internal and external penetration tests against corporate web applications, APIs, networks, Windows and Unix variants to discover vulnerabilities


• Execute mobile application penetration tests for both Android and iOS based devices


• Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation


• Develop scripts, tools or methodologies to enhance Cigna's penetration testing processes


• Proficiency in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.)


• Proficiency in network and server assessment tools (e.g. Nessus, metasploit, nmap, nikto, etc.)


• Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET)


• Proficiency in manual and automated techniques for penetration testing and executing vulnerability assessments


• Knowledge of Windows and *nix-based operating systems


• Knowledge of networking fundamentals and common attacks


• Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell)


• Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C)


• Basic exploit development and validation skills


• Ability to analyze vulnerabilities, appropriately characterize threats, and provide remediation recommendations


• Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec)


• Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.)


• Demonstrated ability to coordinate people and teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities

What you should have:

• High School diploma; Bachelor's degree preferred


• 3 years or more of penetration testing experience


• One or more professional certifications such as OSCP, OSCE, GWAPT, GSEC, GPEN, GXPN


• Passionate about security and finding new ways to break into systems as well as defend them


• Strong analytical and problem solving skills with the ability to "think outside the box"


• Ability to work in a flexible environment where requirements and procedures continuously evolve


• Strong oral and written communication skills, including a demonstrated ability to prepare documentation and presentations for technical and non-technical audiences


• Must be a current contractor with Cigna, Express Scripts, or Evernorth. Evernorth is a new business within the Cigna Corporation.

This position is not eligible to be performed in Colorado.

About Cigna

Cigna Corporation (NYSE: CI) is a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. We offer an integrated suite of health services through Cigna, Express Scripts, and our affiliates including medical, dental, behavioral health, pharmacy, vision, supplemental benefits, and other related products. Together, with our 74,000 employees worldwide, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation.

When you work with Cigna, you'll enjoy meaningful career experiences that enrich people's lives while working together to make the world a healthier place. What difference will you make? To see our culture in action, search #TeamCigna on Instagram.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.