Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Advisor, Threat Response Unit
Company Cigna
Location Remote; St. Louis, MO
Preferred GIAC Certifications GCFA, GNFA, GREM
Travel 10%
Salary Not provided
Contact Name Cigna HR
Contact Email info/at/
Expires 2021-03-09

Job Description

The Information Protection organization responds to cyber security and privacy incidents across Cigna business units. The ideal candidate will have excellent analytical and problem-solving skills, strong communication skills (written and verbal), and a competent technical skill set. This position will be responsible for providing operational support for Information Systems threats and managing security incidents.

About Cigna

Cigna is a global health service company dedicated to helping the people we serve improve their health, well-being, and peace of mind. But we don’t just care about your well –being, we care about your career health too. That’s why when you work with us, you can count on a different kind of career – you’ll make a difference, learn a ton and share in changing the way people think about healthcare.


* Conduct network forensics, host forensics, log analysis, and malware triage in support of Incident Response investigations
* Monitor information security events to identify potential incidents for remediation
* Participate in small and large scale security investigations
* Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
* Effectively communicate investigative findings and strategy to technical staff, executive leadership and legal counsel.
* Work with security and IT operations to implement remediation plans in response to incidents.
* Work hand-in-hand with other Security Advisors and all relevant stakeholders to identify, remediate and bring closure to all potential security related threats
* Document incident response SOPs and playbooks
* Identify gaps and recommend improvements to enterprise technology environment across all platforms, with a goal to enhance the overall security posture of Cigna.
* Event monitoring process and technical improvements.
* Participate in Internal/External Compliance Audits
* Produce Weekly/Monthly/Yearly Incident Response KPI/KRI metrics
* Participate in an on-call rotation
* Potential involvement in Red Team campaigns
* Perform other duties as assigned


* High School Diploma; Bachelor's degree preferred
* 3 years or more experience with Disk and Memory forensics, Network Security, network traffic analysis and log analysis, static and dynamic malware analysis
* Thorough understanding of enterprise security controls in Active Directory / Windows and UNIX environments
* Excellent verbal and written communication and presentation skills.
* Understanding of information risk management concepts.
* Experience leveraging the Cyber Kill Chain and MITRE Attack Framework
* Ability to diagnose and troubleshoot technical issues, excellent problem solving skills
* Experience using incident response and analysis tools such as Volatility, wireshark, sysinternal, Splunk, Tanium, EnCase, F-Response, SIFT, REMnux,
* Experience deobfuscating potentially malicious content.
* Experience doing static and dynamic malware analysis.
* Experience with one or more scripting languages such as Perl, Python, Bash and PowerShell highly desired.
* Exceptional understanding of the cyber threat landscape, attack surfaces, and threats associated with each
* Experience leading team members, directing staff priorities and completing reviews to ensure quality work products preferred
* Minimum 5 years of comparable experience
* Ability to travel up to 10%
* Ability to successfully interface with internal clients
* Ability to document and explain technical details in a concise, understandable manner
* Ability to manage and balance own time among multiple tasks, and lead junior staff when require and to work independently and as part of a team
* Industry certifications pertaining to incident response, network and host triage such as GCFA, GNFA, GREM