Cyber Security Associate Advisor [T500-14712]

Full time at Evernorth Health Services in Online
Posted on January 22, 2025

Job details

About Evernorth: Evernorth Health Services, a division of The Cigna Group (NYSE: CI), creates pharmacy, care, and benefits solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention, and treatment of illness and disease more accessible to millions of people.

Cyber Security Associate Advisor - Data Loss Prevention

Position Summary: Cigna Information Protection is looking for a Data Loss Prevention (DLP) Lead Analyst. The DLP Lead Analyst monitors user behavior-based cybersecurity events, controls the access and usage of classified data, provides senior technical support and expertise with Cloud/SaaS/CASB integration into the enterprise DLP solution, and serves as a point of escalation for Data Loss incidents. The ideal candidate will have excellent analytical and problem-solving skills, strong communication skills (written and verbal), and a strong technical skill set. The candidate should also have a good understanding of Insider Threat programs along with Gen AI knowledge/toolsets.

Job Description & Responsibilities:

  • Engineering-level expertise to provide guidance and direction for Cloud/SaaS/CASB platforms in relation to data loss monitoring, automation, alerting, and mitigating security incidents.
  • Provide recommendations for security improvements by assessing current DLP landscape, evaluating trends and products, and anticipating future requirements to reduce enterprise risk.
  • Develop and assist in engineering solutions for DLP-related automation use cases involving SOAR and SIEM platforms.
  • Develop and maintain log queries, offense rules, actionable alerts, and reports in the SIEM platform.
  • Identify, analyze, and verify Data Loss events related to email, web, and endpoint channels.
  • Perform security analysis of network traffic data and report on threats for handoff and additional analysis.
  • Threat mitigation through immediate action utilizing enterprise security tools and outreach to partner teams to achieve containment.
  • Work within rotational schedule to ensure full coverage for event monitoring and security report review as needed
  • Provide supporting evidence as needed to support Privacy Office investigations
  • Assist in audit activities to provide evidence, address and remediate Findings
  • Ensure process and procedure guides are up to date and accurate
  • Follow enterprise Change Management workflows to ensure stable production implementation of enhancements
  • Maintain and tune policies/rules within data loss tools to reduce risk to company.
  • Assist with metric collection for weekly/monthly management reporting requirements.
  • Support projects to assist in deployment, tuning and configuration of new technology as needed.
  • Support 24x7 on call for escalated security incidents on a rotational basis.
  • Perform other security duties as required
  • Follow up and review cases until closure, which includes investigating and recommending appropriate corrective actions for cyber security incidents and communicating with the implementation staff responsible for taking corrective actions.
  • Manage and escalate Data Loss incidents to Senior Management for awareness and resolution in timely manner.
Experience Required:
  • Overall 8 - 11 years of I.T. and/or information security experience
  • 3+ years of experience using enterprise level DLP solutions
Experience Desired:
  • Scripting ability in Python and/or Perl and a deep understanding of command line tools such as grep and tcpdump
  • Industry recognized certification in cyber security such as GCIA, GCIH, CISSP or similar
  • Networking certifications (e.g. CCNA - Security, CCNP) and demonstrated practical experience
  • Linux knowledge a plus
Education and Training Required:
  • Bachelor's degree in Computer Science, Information Technology, or related field
  • Education and / or experience which is equivalent to the above
Primary Skills:
  • Strong understanding of Cloud Security concepts and CASB function. Understanding of Insider Threat programs along with Gen AI knowledge.
  • Expertise with a variety of security tools such as CASB, Cloud proxy, Data Loss Prevention platforms, Security Information and Event Management (SIEM) system, email proxy systems, SOAR platforms.
  • Applied scripting expertise in PowerShell, VBScript, Python and strong understanding of Regex.
  • Strong understanding of infrastructure designs; including routing, firewall functionality, load balancing, and in-depth understanding of other network protocols.
  • Demonstrated experience with network and endpoint data loss prevention (DLP) tools. Candidate will be required to utilize various security tools to monitor security risks in the Cigna internal network, create cases in case tracking tool and initiate investigation where warranted.
Additional Skills:
  • Demonstrated ability to work in a team environment.
  • Self-starter willing to take initiative to go beyond the ask.
  • Ability to effectively prioritize tasks and work independently with minimal daily management interaction.
  • Excellent written and verbal communication skills.
  • Strong judgment and leadership skills.
  • Ability to work effectively with clients and IT management and staff.
  • Ability to participate in customer and partner facing meetings and projects, including those that involve technical topics.
  • Strong analytical skills and inferential thinking.
  • Ability to create and document new processes/procedures and gain intra and inter team buy-in and acceptance.
  • Ability to operate and contribute effectively as a remote member of a global Information Protection team.
