Posted in General Business 30+ days ago.
Type: Full-Time
The Threat Response Unit (TRU) DLP team responds to user-behavior-based cyber security incidents. The ideal candidate will have excellent analytical and problem-solving skills, strong communication skills (written and verbal), and a technical skill set. This position will be responsible for providing senior operational-level support and senior technical-level expertise with DLP and non-DLP tools and solutions. Provide a point of escalation for Data Loss events as well as support for departmental or enterprise-level projects.
Responsibilities:
Engineering level expertise to provide guidance and direction for DLP platforms, potential scripting solutions, automation opportunities
Develop and assist in engineering solutions for DLP-related automation use cases involving SOAR and SIEM platforms
Develop and maintain log queries, offense rules, actionable alerts, and reports in SIEM platform
Identify, analyze, and verify Data Loss events related to email, web, endpoint channels
Perform security analysis of network traffic data and report on threats for handoff and additional analysis.
Threat mitigation through immediate action utilizing enterprise security tools and outreach to partner teams to achieve containment
Work within rotational schedule to ensure full coverage for event monitoring and security report review
Follow up and review cases until closure, which includes investigating and recommending appropriate corrective actions for cyber security incidents and communicating with the implementation staff responsible for taking corrective actions
Manage and escalate Data Loss incidents to Senior Management for awareness and resolution in a timely manner
Provide supporting evidence as needed to support Privacy Office investigations
Assist in audit activities to provide evidence and to address and remediate findings
Ensure process and procedure guides are up to date and accurate
Follow enterprise Change Management workflows to ensure stable production implementation of enhancements
Provide recommendations for security improvements by assessing current DLP landscape, evaluating trends, and anticipating requirements to reduce enterprise risk
Maintain and tune policies/rules within data loss tools to reduce risk to company
Assist with metric collection for weekly/monthly management reporting requirements
Support projects to assist in deployment, tuning and configuration of new technology as needed
Support 24x7 on call for escalated security incidents on a rotational basis
Perform other security duties as required
Soft Skills/Abilities:
Demonstrated ability to work in a team environment
Self-starter willing to take initiative to go beyond the ask
Ability to effectively prioritize tasks and work independently with minimal daily management interaction.
Excellent written and verbal communication skills
Strong judgment and leadership skills
Ability to work effectively with clients and IT management and staff.
Ability to participate in customer and partner facing meetings and projects, including those that involve technical topics
Strong analytical skills and inferential thinking
Ability to create and document new processes/procedures and gain intra and inter team buy-in and acceptance
Ability to operate and contribute effectively as a remote member of a global Information Protection team.
Technical Skills:
Applied scripting expertise in PowerShell, VBScript, Python
Deep understanding of Regex along with other security utilities such as nmap, Wireshark, tcpdump, etc.
Expertise with a variety of security tools such as Data Loss Prevention platforms, Security Information and Event Management (SIEM) systems, web proxy systems, email proxy systems, CASB solutions, SOAR platforms
Strong understanding of networking protocols and infrastructure designs; including routing, firewall functionality, load balancing, and other network protocols.
Strong understanding of Cloud Security concepts and CASB function
Demonstrated experience with network and endpoint data loss prevention (DLP) tools. Candidate will be required to utilize various security tools to monitor security risks in the Cigna internal network, create cases in case tracking tool and initiate investigation where warranted
Preferred Qualifications:
Industry-recognized certifications in cyber security such as GCIA, GCIH, CISSP or similar are a plus
Networking certifications (e.g. CCNA - Security, CCNP) and demonstrated practical experience
Linux knowledge a plus
This position is not eligible to be performed in Colorado.
About Cigna
Cigna Corporation exists to improve lives. We are a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. Together, with colleagues around the world, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation. When you work with us, or one of our subsidiaries, you'll enjoy meaningful career experiences that enrich people's lives. What difference will you make?
Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.
If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.