Cyber Security Lead Analyst

Cyber Security Lead Analyst - HIH - Evernorth

As a Cyber Security Lead Analyst specializing in Penetration Testing for Evernorth's HIH initiative, you will be instrumental in conducting comprehensive vulnerability assessments, threat modeling, penetration tests, and red team campaigns across Cigna’s IT infrastructure and applications. Working collaboratively with the Information Protection Senior Manager, your responsibilities will include identifying, evaluating, and remediating potential system weaknesses through both manual and automated methodologies.

About Cigna:

Cigna is a global health service organization focused on improving the health, well-being, and peace of mind of those we serve. We are equally committed to nurturing your career health, providing an environment where you can make a significant impact, learn continuously, and help reshape the perception of healthcare.

Your Impact:

• Execute internal and external penetration tests on corporate web applications, APIs, networks, infrastructure, and operating systems to uncover vulnerabilities.
• Conduct mobile application penetration tests for both Android and iOS platforms.
• Perform penetration tests within cloud-hosted environments (SaaS, PaaS, IaaS).
• Develop detailed and precise penetration testing reports, including actionable remediation recommendations, and effectively communicate risk findings to development and infrastructure teams.
• Contribute to the development of scripts, tools, and methodologies to enhance Cigna’s penetration testing capabilities.
• Collaborate within a team to identify risks, report to key stakeholders, and deliver value to the organization.

Qualifications:

• High School diploma required; Bachelor's degree preferred.
• Minimum of 5-8 years of overall experience in Cyber Security.
• At least 3 years of dedicated penetration testing experience.
• A strong passion for security, with a keen interest in discovering system vulnerabilities and developing defensive strategies.
• Exceptional analytical and problem-solving skills, with the ability to think creatively and unconventionally.
• Adaptability to work in a dynamic environment with evolving requirements and procedures.
• Excellent oral and written communication skills, with proven ability to create documentation and presentations for both technical and non-technical audiences.

What you should have:

• Proven ability to excel as an individual contributor and a team player in a fast-paced setting.
• Capability to coordinate with teams to forecast activity completion and share workloads effectively.
• Proficiency in Windows and *nix-based operating systems.
• Solid understanding of core Internet protocols (e.g., TCP, UDP, DNS, HTTP, TLS, IPsec) and the OSI model.
• Knowledge of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.).
• Familiarity with Cloud environments such as SaaS, PaaS, and IaaS.
• Basic skills in exploit development and validation.
• Proficiency with application vulnerability assessment tools (e.g., Burp, Checkmarx, AppScan, WebInspect, Cenzic).
• Proficiency with network and server assessment tools (e.g., Nessus, Metasploit, Nmap, Nikto).
• Understanding of web application frameworks (React, Springboot, Ruby on Rails, J2EE, PHP, ASP.NET).
• Expertise in both manual and automated techniques for penetration testing and vulnerability assessments.
• Knowledge of networking fundamentals and common attack vectors.
• Experience in coding/scripting with modern languages (e.g., Python, Ruby, PowerShell).
• Mobile application coding experience with Android/iOS platforms (e.g., Java, Swift, Objective C).
• Ability to analyze vulnerabilities and misconfigurations, characterize threats accurately, and provide effective remediation recommendations.