|Location||Remote; St. Louis, MO|
|Preferred GIAC Certifications||GCFA, GNFA, GREM|
|Contact Name||Cigna HR|
The Threat Response Unit (TRU) Incident Response team responds to cyber security incidents. The ideal candidate will have excellent analytical and problem-solving skills, strong communication skills (written and verbal), and a competent technical skill set. This position will be responsible for providing senior operational level support for Information System threats and managing security incidents.
Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well –being, we care about your career health too. That’s why when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton and share in changing the way people think about healthcare.
* Conduct memory and disk forensics, Network traffic analysis, log correlations in support of Incident Response investigations
* Lead/Participate or work hand-in-hand with other Security Analysts and all relevant stakeholders to identify, remediate and bring closure to all potential security related threats
* Perform Advanced Static and Dynamic Malware Analysis.
* Mentor and develop junior members on the Incident Response Team
* Participate in CSIRT investigations.
* Develop comprehensive and accurate security investigation reports and presentations.
* Effectively communicate investigative findings and strategy to technical staff, management and executive leadership.
* Participate in CSIRT investigations
* Work hand-in-hand with other Security Advisors and relevant stakeholders to identify, remediate and bring closure to potential security related threats
* Document incident response investigation, SOPs and playbooks
* Identify security monitoring gaps and enhancing detection capabilities or logic.
* Identify gaps and recommend improvements to enterprise technology environment across all platforms, with a goal to enhance the overall security posture.
* Develop SOAR workflows and decisions
* Participate in Internal/External Compliance Audits
* Produce Weekly/Monthly Incident Response metrics
* Participate in an Incident Response on-call rotation
* Participate in Enterprise Security projects.
* Perform other security duties as assigned.
* Bachelor's degree preferred
* Minimum 5+ years of comparable experience
* Strong understanding of enterprise security controls in Cloud, Active Directory, Windows and UNIX environments
* Excellent verbal and written communication and presentation skills.
* Experience with implementing SOAR solutions and workflows.
* Understanding of information risk management concepts.
* Experience leveraging the Cyber Kill Chain and MITRE Attack Framework
* Ability to diagnose and troubleshoot technical issues, excellent problem solving skills
* Experience with one or more scripting languages such as Perl, Python, Bash and PowerShell highly desired.
* Exceptional understanding of the cyber threat landscape, attack surfaces, and threats associated with each
* Experience leading team members, directing staff priorities and completing reviews to ensure quality work products preferred
* Ability to successfully interface with internal clients
* Ability to document and explain technical details in a concise, understandable manner
* Ability to manage and balance multiple tasks and work independently and as part of a team
* Industry certifications relating to incident response, network and host triage, such as GCFA, GNFA, GREM