Information Protection Lead Analyst - HIH - Evernorth

Information Protection Lead Analyst - HIH - Evernorth

Position Summary:

Cigna Information Protection is looking for a Lead Analyst, Incident Response (IR). The Incident Response Lead Analyst is responsible for handling and coordinating lower severity cybersecurity incidents as part of a 24x7 operation. The IR Lead Analyst acts as a supporting role to the major incident management process in the event of High or Critical Severity cybersecurity incidents. The IR Lead Analyst also acts as a point of escalation to lower tier analysts and provides mentorship.

Job Description & Responsibilities:

• Monitor and respond to security alerts generated by the Managed Security Service Provider (MSSP), Cigna’s SIEM and/or SOAR platforms.
• Analyze, document, and communicate security events based on priority given by MSSP or SOC Team Lead and according to SOC protocol.
• Provide escalation support for security events from SOC Analysts.
• Participate in CSIRT functions supporting investigative requests and/or to assist with the development of containment/mitigation strategies.
• Perform host and network-based log analysis to identify potentially infected hosts and escalate to appropriate team according to SOC protocol.
• Correlate IOCs with data from information security systems/tooling to identify attacks and/or potentially compromised systems and escalate to appropriate team according to SOC protocol.
• Collaborate with Cigna’s Threat Intelligence, Threat Hunt, and Adversary Simulation teams to refine and/or improve threat detections and/or security controls and configurations for security monitoring systems.
• Contribute to the evaluation, testing, and implementation of new detections, security tools and processes.
• Develop and maintain documentation for all assigned responsibilities. Develop and report on trends and provide focus and situational awareness on all issues to SOC leadership.
• Required to perform duties outside of normal work hours based on business needs.
• Working in a shift is required for this role and you will be allocated to one of the following:

Morning Shifts (06:00am-03:30pm)

• Shift A: Tuesday -> Saturday
• Shift B: Sunday -> Thursday

General Shifts (11:30am-8:30pm):

• Shift C: Tuesday -> Saturday
• Shift D: Sunday -> Thursday

Experience Required:

• Overall, 5-8 years of I.T. and/or information security experience.
• Minimum 1-3 years of experience detecting and responding to cyber intrusions.
• Experience leveraging the Cyber Kill Chain and MITRE Attack Framework.
• Experience using IR tools such as Splunk, Tanium, Volatility, Encase, FTK, SIFT, REMnux, etc.
• Deep understanding of the cyber threat landscape, attack surfaces, and threats associated with each.
• Deep understanding of enterprise security controls in Active Directory/Windows and UNIX environments.
• Knowledgeable and experienced with Cloud security concepts and tooling.

Experience Desired:

• Automating and/or scripting ability in one or more of the following: Python, Perl, Bash and/or Powershell.
• Experience de-obfuscating potentially malicious content.
• Experience doing static and dynamic malware analysis.

Education and Training Required:

• A degree (bachelor’s degree preferred) from an accredited college and four years of satisfactory full-time experience required by the position; OR
• Education and / or experience which is equivalent to the above
• Relevant certifications such as Security+, CEH, CASP or similar

Primary Skills:

• Ability to conduct memory and disk forensics, network traffic analysis, log correlations in support of Incident Response investigations.
• Thorough knowledge of operating systems, networking, and host analysis.
• Detailed understanding of attacker tactics, tools, and techniques.
• Strong communication skills, both written and oral.
• Strong analytical and investigative mindset

Additional Skills:

• Ability to successfully interface with internal clients.
• Ability to document and explain technical details in a concise, understandable manner.
• Ability to manage and balance own time among multiple tasks, lead junior staff when required, and to work independently and as part of a team.

About Evernorth Health Services