Information Protection Advisors- Hybrid

The job profile for this position is Information Protection Advisor, which is a Band 4 Senior Contributor Career Track Role with  eviCore Healthcare MSI, LLC.

Responsiblities-

• Act as a subject matter expert on application security to improve and further integrate security best practices into product design and software development lifecycles (SDLC) of the organization.

• Perform focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommend security enhancements.

• Assist development teams with secure code reviews and other AppSec assessments to educate development teams on security weaknesses and vulnerabilities.

• Assist with the implementation and management of automated security controls as part of CICD pipelines and DevSecOps philosophies.

• Assist with the education of development teams on the remediation of vulnerabilities detected in SAST, SCA, and DAST security tools.

• Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices.

• Hybrid work schedule.

Qualifications-

Requires a Master's Degree in Computer Science or a closely related field and 3 years of Cybersecurity experience (or a Bachelor's Degree in Computer Science or a closely related field and 5 years of Cybersecurity experience).

Must have experience with: Integrating security at every phase of the Software Development Lifecycle; Identifying potential threats and vulnerabilities early in the design phase; Using SAST/DAST tools and techniques to analyze source code and running applications for vulnerabilities; Utilizing secure coding standards, including OWASP Top 10 and SEI Cert, across multiple languages; identifying, prioritizing, and remediating vulnerabilities using tools including Nessus, Qualys, and Burp Suite; Secure identity management including authentication, authorization mechanisms, and role-based controls using tools including OAuth, SAML, and JWT; embedding security into CI/CD pipelines; GitHub Actions for DevSecOps Integration; Jenkins for DevSecOps Integration; Securing applications deployed in cloud environments, including container security; Assessing application risk and compliance with security standards including NIST and ISO 27001; and, Detecting, analyzing, and responding to application-level security incidents.

About Evernorth Health Services

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.