Global Threat Intelligence & Analysis Senior Intelligence Analyst:
Cigna's Global Threat Intelligence & Analysis Team (TI&A) has a mission to continuously monitor and analyze the cyber threat landscape to identify threats against Cigna and convert information into actionable intelligence in order to inform decision makers, enrich alerts, guide threat hunting and focus our investments on the right controls. Cigna's global footprint, including a significant presence in EMEA and APAC, presents a unique and interesting data collection and analysis opportunity. Harnessing Cigna data sources to produce organic intelligence and correlating that intelligence with external sources will be the primary objective and the hallmark of success for the right candidate in this role. This role will report to the Global TI&A Senior Manager and will also contribute to the continuous surveillance of and reporting on the cyber threat landscape, emerging TTP and the reported activities of threat actors who pose the greatest risk to Cigna. Routinely, the intelligence produced will require briefing leadership, and the right candidate must have experience producing and delivering reports to technical and non-technical senior leaders.
Essential Duties and Responsibilities:
Monitor and analyze the cyber threat landscape in order to identify external and emerging cyber threats to Cigna and its affiliates;
Conduct analysis on Threat information to identify current impact and identify potential mitigations;
Translate data analysis into written or verbal intelligence updates to share with senior management, information systems professionals, and technical and non-technical users;
Communicate to fellow stakeholders and senior leadership the cyber risk to the organization through operational briefings and threat intelligence reports;
Extract and communicate trends from the cyber threat landscape;
Establish methods of correlating and enriching internal network anomalies with threat intelligence for the purposes of increasing situational awareness among tier one SOC analysts, informing threat hunts, providing attribution, and aiding in the establishment of strategic countermeasures;
Develop, create, and drive current and new reporting methods and products, with the goal of increasing situational awareness and ensuring Intelligence products are actionable;
Support incident response and threat hunting activities to include providing intelligence context, analysis support, industry expertise, and recommendations around remediation and countermeasures;
Mentor junior team members, support their growth and the development of methods by which they may initiate tactical mitigations based on results of analysis and determination of threat validity;
Continuously evaluate the effectiveness of methods of intelligence ingestion, as well as the reliability of data feeds;
Evaluate new intelligence sources and make recommendations for improvements and new sources;
Assist in maintaining an effective Threat Actor Intelligence program, which provisions for the identification, tracking, and prioritization of cyber threat actors of various types;
Maintain memberships and establish intelligence-sharing relationships with appropriate sources within the intelligence community;
Partner with Adversary Simulation to ensure that red and purple team campaigns emulate TTP of relevant threat actors.
Knowledge, Skills and Abilities:
Possess knowledge of Intelligence Community (IC) fundamentals (classifications, Traffic Light Protocol (TLP), Intelligence Sharing and Analysis Centers (ISACs));
Ability to apply analytical understanding of hacker methodologies and tactics, system vulnerabilities, and key indicators of attacks and exploits;
Ability to communicate complex ideas and concepts effectively, using the correct grammar and terminology, both orally and in writing, with senior management staff, information systems professionals, and technical and non-technical users;
Ability to quickly and effectively digest disparate data sources to determine security implications and risk levels;
Able to provide recommendations for security improvements by assessing the efficacy of current capabilities/solutions, evaluating trends and anticipating requirements;
Possess knowledge of virtual environments, Cloud platforms (IaaS), network operating systems, mobile device environments, and data encryption methods;
Demonstrated expertise in network communication protocols, operating systems, servers, firewall implementation, IPS/IDS systems, and advanced malware detection systems;
Must be able to multi-task and work independently on moderate to complex assignments using independent professional discretion and judgment as well as transition quickly between projects with minimal supervision;
Ability to maintain effective working relationships with colleagues, users, contractors, and vendors;
Has in-depth knowledge of security systems and understands the life cycle of network threats, attacks, attack vectors, and methods of exploitation;
Possesses the ability to use in-depth knowledge to identify and present actionable intelligence to team members and senior leadership;
Maintain advanced knowledge of tools and techniques for analysis and identification of the nature of threats;
Ability to perform security analysis of network traffic data and report on threats as needed, and act as the escalation point for additional analysis.
Technical Skills Required:
Strong understanding of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols;
Experience with log analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior;
Experience utilizing a broad array of security tools including Security Information and Event Management (SIEM) system, intrusion detection systems, web proxy systems, routers, switches, firewall deployment and other tools used to assess network security;
Demonstrated knowledge of techniques used to analyze network traffic for malicious activity and perform packet analysis;
Identify, extract, and leverage intelligence from intrusion attempts carried out by advanced cybercriminals or advanced persistent threat (APT) groups;
Piece together and track intrusion campaigns and activity carried out by various threat actors, and nation-state/advanced threat actor activity;
Manage, share, and receive intelligence on adversary groups;
Fully analyze network and host activity in successful and unsuccessful intrusions by advanced attackers;
Leverage intelligence to better defend against and respond to future intrusions.
Ability to communicate complex ideas simply and effectively;
Demonstrated ability to work in a team environment both in-person and remotely, with minimal supervision, alongside a Global Information Protection Team;
Must be able to perform well under pressure while maintaining a professional image and approach;
Possess strong time management skills and the ability to effectively prioritize tasks and work independently with minimal daily management interaction;
Excellent written and verbal communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with peers, IT management, and senior leaders;
Ability to participate in meetings and projects with customers and partners, including those involving technical topics or technical service delivery;
Strong problem-solving skills, and a desire to attempt to work through blockers prior to seeking assistance.
Scripting in languages such as Python, Perl, PowerShell and a deep understanding of command line across Linux, Unix, OSX, Windows, etc.
Industry-recognized certifications in cyber security such as GCIA, GCIH, CISSP or similar are a plus, but experience is preferred
Networking certifications (e.g. CCNA - Security, CCNP) and demonstrated practical experience
Military/Government experience performing Cyber Threat Intelligence work
This position is not eligible to be performed in Colorado.
Cigna Corporation exists to improve lives. We are a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. Together, with colleagues around the world, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation. When you work with us, or one of our subsidiaries, you'll enjoy meaningful career experiences that enrich people's lives. What difference will you make?
Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.
If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.