Information Protection Advisors- Hybrid

The job profile for this position isInformation Protection Advisorwhich is a Band 4 Senior Contributor Career Track Role with eviCore Healthcare MSI LLC.

Responsiblities-

• Act as a subject matter expert on application security to improve and further integrate security best practices into product design and software development lifecycles (SDLC) of the organization.

• Perform focused risks assessments of existing or new services and technologies security architecture identifies design gaps risks and recommend security enhancements.

• Assist development teams with secure code reviews and other AppSec assessments to educate development teams on security weaknesses and vulnerabilities.

• Assist with the implementation and management of automated security controls as part of CICD pipelines and DevSecOps philosophies.

• Assist with the education of development teams on the remediation of vulnerabilities detected in SAST SCA and DAST security tools.

• Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices.

• Hybrid work schedule.

Qualifications-

Requires a Masters Degree in Computer Science or a closely related field and 3 years of Cybersecurity experience (or a Bachelors Degree in Computer Science or a closely related field and 5 years of Cybersecurity experience).

Must have experience with: Integrating security at every phase of the Software Development Lifecycle; Identifying potential threats and vulnerabilities early in the design phase; Using SAST/DAST tools and techniques to analyze source code and running applications for vulnerabilities; Utilizing secure coding standards including OWASP Top 10 and SEI Cert across multiple languages; identifying prioritizing and remediating vulnerabilities using tools including Nessus Qualys and Burp Suite; Secure identity management including authentication authorization mechanisms and role-based controls using tools including OAuth SAML and JWT; embedding security into CI/CD pipelines; GitHub Actions for DevSecOps Integration; Jenkins for DevSecOps Integration; Securing applications deployed in cloud environments including container security; Assessing application risk and compliance with security standards including NIST and ISO 27001; and Detecting analyzing and responding to application-level security incidents.

About Evernorth Health Services

Qualified applicants will be considered without regard to race color age disability sex childbirth (including pregnancy) or related medical conditions including but not limited to lactation sexual orientation gender identity or expression veteran or military status religion national origin ancestry marital or familial status genetic information status with regard to public assistance citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process please email: for support. Do not email for an update on your application or to provide your resume as you will not receive a response.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama Alaska Arizona Arkansas Delaware Florida Georgia Hawaii Idaho Iowa Kansas Maryland Massachusetts Michigan Nebraska Ohio Pennsylvania Texas Utah Vermont and Washington State.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal state and local ordinances.