Information Protection Senior Advisor, Threat Response Unit at Cigna in Bloomfield, Connecticut

Job Description:

The Threat Response Unit (TRU) DLP team responds to user behavior based cyber security incidents. The ideal candidate will have excellent analytical and problem-solving skills, strong communication skills (written and verbal), and a technical skill set. This position will be responsible for providing senior operational level support, senior technical level expertise with DLP and non-DLP tools and solutions. Provide point of escalation for Data Loss events as well as support for departmental or enterprise level projects.

Responsibilities:

Engineering level expertise to provide guidance and direction for DLP platforms, potential scripting solutions, automation opportunities

Develop and assist in engineering solutions for DLP related use cases related to automation involving SOAR and SIEM platforms

Develop and maintain log query, offense rules, actionable alerts, and report creation in SIEM platform

Identify, analyze, and verify Data Loss events related to email, web, endpoint channels

Perform security analysis of network traffic data and report on threats for handoff and additional analysis.

Threat mitigation through immediate action utilizing enterprise security tools and outreach to partner teams to achieve containment

Work within rotational schedule to ensure full coverage for event monitoring and security report review

Follow up and review cases until closure which includes investigating and recommending appropriate corrective actions for cyber security incidents and communicating with the implementation staff responsible or taking corrective actions

Manage and escalate Data Loss incidents to Senior Management for awareness and resolution in timely manner

Provide supporting evidence as needed to support Privacy Office investigations

Assist in audit activities to provide evidence, address and remediate Findings

Ensure process and procedure guides are up to date and accurate

Follow enterprise Change Management workflows to ensure stable production implementation of enhancements

Provide recommendations for security improvements by assessing current DLP landscape, evaluating trends, and anticipating requirements to reduce enterprise risk

Maintain and tune policies/rules within data loss tools to reduce risk to company

Assist with metric collection for weekly/monthly management reporting requirements

Support projects to assist in deployment, tuning and configuration of new technology as needed

Support 24x7 on call for escalated security incidents on a rotational basis

Perform other security duties as required

Soft Skills/Abilities:

Demonstrated ability to work in a team environment

Self-starter willing to take initiative to go beyond the ask

Ability to effectively prioritize tasks and work independently with minimal daily management interaction.

Excellent written and verbal communication skills

Strong judgment and leadership skills

Ability to work effectively with clients and IT management and staff.

Ability to participate in customer and partner facing meetings and projects, including those that involve technical topics

Strong analytical skills and inferential thinking

Ability to create and document new processes/procedures and gain intra and inter team buy-in and acceptance

Ability to operate and contribute effectively as a remote member of a global Information Protection team.

Technical Skills:

Applied scripting expertise in Powershell, Vbscript, Python

Deep understanding of Regex along with other security utilities such as nmap, Wireshark, tcpdump etc.

Expertise with a variety of security tools such as Data Loss Prevention platforms, Security Information and Event Management (SIEM) system, web proxy systems, email proxy systrems, CASB solutions, SOAR platforms

Strong understanding of networking protocols and infrastructure designs; including routing, firewall functionality, load balancing, and other network protocols.

Strong understanding of Cloud Security concepts and CASB function

Demonstrated experience with network and endpoint data loss prevention (DLP) tools. Candidate will be required to utilize various security tools to monitor security risks in the Cigna internal network, create cases in case tracking tool and initiate investigation where warranted

Preferred Qualifications:

Industry recognized certification in cyber security such as GCIA, GCIH, CISSP or similar are a plus

Networking certifications (e.g. CCNA - Security, CCNP) and demonstrated practical experience

Linux knowledge a plus

This position is not eligible to be performed in Colorado.

About Cigna

Cigna Corporation exists to improve lives. We are a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. Together, with colleagues around the world, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation. When you work with us, or one of our subsidiaries, you'll enjoy meaningful career experiences that enrich people's lives. What difference will you make?

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.