Information Protection Associate Advisor - HIH - Evernorth

Position Summary:

A successful Red Team member should possess a deep understanding of information security and computer science paired with experience executing highly technical offensive assessments. They should understand advanced red and purple team campaign concepts such as performing social engineering and covert operations against complex networks while remaining entirely undetected, advanced application manipulation, and basic programming concepts. They should be able to improve the overall detection and response capabilities of the organization by understanding adversarial TTPs, developing engagements that emulate specific threat actors of concern, and engaging with the Blue Team during and post engagement.

At Cigna, you’ll be working with some of the best experts in the industry and faced with complex problem-solving opportunities daily. We help protect some of the most sensitive and valuable data for millions of members throughout the world and red teaming is critical to validating our global security posture. You are expected to quickly assimilate new information as you will face new environments across the globe on a regular basis. You will be expected to understand the relevant threat vectors to each environment and properly assess them, engage with peer teams (e.g., Cyber Threat Intelligence, Threat Hunt, and Incident Response) to develop engagements and effectively communicate results to a wide variety of audiences.

Job Description & Responsibilities:

Execute offensive security engagements, with a focus on advanced red team operationsEngage with key service customers, partners, and stakeholders across the enterprise to drive improved security outcomesIdentify, develop, and promote new red team capabilities and improve Adversary Simulation’s overall program maturityTechnical mentorship and skill development of junior team members

Experience Required:

Overall 8-11 years of IT and/or information security experienceMinimum 5 years spent performing red team engagements or advanced offensive security exercises in a professional environmentDeep understanding of cybersecurity principles, network security, and modern attack vectorsAdvanced understanding of common network and host-based attacks and OPSEC-related considerations for offensive tradecraftProven experience bypassing modern security controls to accomplish operational objectivesProficiency in scripting languages (Python, PowerShell, Bash) and familiarity with programming languages (C/C++, C#)Experience with or an understanding of:Command and Control frameworks (and related OPSEC considerations)Cloud Platforms/EnvironmentsActive Directory ExploitationWeb Application ExploitationSocial EngineeringExploit DevelopmentReverse engineeringDemonstrated ability to produce comprehensive reports and explain complex technical details in a concise, understandable mannerAbility to manage and balance own time among multiple tasks and lead/facilitating work for junior operators during engagements when required

Experience Desired:

Experience performing offensive security operations within the healthcare industryFamiliarity with cloud environments (AWS, Azure, GCP) and associated security challengesKnowledge of healthcare regulations such as HIPAA and their implications for security practices

Education and Training Required:

Bachelor’s degree in Computer Science, Information Security, or a related field. Equivalent experience may be consideredRelevant certifications such as OSCP, OSCE, OSEP, GXPN, CRTO, or similar

Primary Skills:

Advanced knowledge and experience in offensive security techniques and red teamingAbility to emulate sophisticated adversaries and design realistic attack scenariosExcellent analytical and problem-solving skills with a keen attention to detail

Additional Skills:

Ability to work effectively in a team-oriented environment and collaborate with cross-functional teamsFlexibility to adapt to evolving security challenges and stay current with emerging threatsWillingness and ability to mentor and develop junior team members

About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.