Information Protection Senior Advisor

Cigna • Other US Location

Company

Cigna

Location

Other US Location

Type

Full Time

Job Description

Summary

This position is best suited for an experienced SIEM engineer with a proven understanding of enterprise security. The successful candidate will possess deep technical knowledge of a number of security technologies, have a solid understanding of information security and networking, and have extensive experience interacting with customers. The SIEM Engineer is responsible for delivery of client-specific SIEM management solutions. The SIEM Engineer serves as an escalation point for critical and complex client issues, performs configuration and testing of products, assists with developing and documenting work processes and trains other members of the team. The primary focus for this role is to act as a Subject Matter Expert for SIEM and CRIBL technology and be able to configure, manage, operate and administer the platforms.

Essential Duties and Responsibilities

  • Administration, CIM mapping and platform management of a Splunk / Splunk SaaS Platform

  • Enrolling log sources, administration, content development and working with SIEM customers/stakeholders across the globe

  • Build new capabilities and install new applications from the app exchange to extend functionality

  • Monitor the impact of deploying new content to the health and performance of the SIEM

  • Creation and improvement of security policies, processes and procedures and other SIEM related documentation

  • Lead logging enrollments from multi-tier applications into the enterprise logging platforms

  • Modify existing parsers, as well as implement and test custom parsers and log source extensions in order to capture and correlate events from non-standard log sources

  • Evaluate deployment to identify flaws and key areas for improvement in an effort to maintain an optimal SIEM operating environment

  • Comprehend error logs and act as escalation point for underlying event collection and correlation components

  • Experience with Linux or CentOS

  • Understanding of regular expressions (Regex) and Python scripting

  • Knowledge in the following areas is a plus: Perl and shell scripting, Docker, ELK, Hadoop

  • Ability to isolate problems between hardware and software and provide information to appropriate development team(s)

  • Highly developed, process-oriented skills for troubleshooting, problem solving, and problem resolution

  • Superior written and verbal communication skills are a must

  • Must be able to work in a fast-paced technical environment and with sophisticated cyber-security products with frequent product releases and updates

Core Competencies Desired

  • Expert level administrative and engineering experience with Splunk and Splunk SaaS

  • 5+ years security engineering experience in mid-sized to large organizations, with emphasis on security operations, incident management, intrusion detection, firewall deployment and security event analysis.

  • 3+ years with SIEM and UEBA technologies

  • Investigates, interprets, and responds to technical and/or complex IT security data.

  • Demonstrated ability to work with matrixed resources in a team environment.

  • Must have excellent oral and written communication skills

  • Ability to ensure activities are in alignment with the business objectives and risk management framework

  • Strong technical skills, which may include experience with Linux and Windows operating systems and scripting languages like Python.

  • Ability to anticipate, recognize, and resolve technical (hardware, software, application or operational) problems.

  • Working knowledge of Linux, LDAP, TCP/IP networking stack, and regular expressions

  • Some SANS Training completed

Qualifications

Bachelor's degree in Computer Science or a related discipline, at least eight, typically twelve or more years of solid, diverse work experience in IT, or the equivalent in education and work experience.

One or more of the following certifications is preferred: CISSP, CCNA Security +, AWS Security, CCNP Security, CCIE, CCSP, CCIE, CCA, ITIL



If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.

About The Cigna Group

Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we're dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: [email protected] for support. Do not email [email protected] for an update on your application or to provide your resume as you will not receive a response.

The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State.

Date Posted

09/26/2024
