The Global Threat Intelligence Senior Manager role will be responsible for the enterprise wide intelligence program for a Fortune 12 health services organization with offices in over 30 countries. The areas of responsibility includes the curation of all collected intelligence, data and alert enrichment, partnership and coordination with Incident Response, Red Team and Threat Hunt leadership, research and development of threat intelligence products and continued maturation of Cigna's intelligence program. It is critical that the right leader has a broad Cyber security background, coupled with a deep and practical understanding of Threat Intelligence which will enable the candidate to lead the program and ensure integration into the fabric of existing security, IT and business process. As the program continues to mature, the Intel leader will be responsible for coordinating the strategic direction of the threat intelligence program, integrating the program into stakeholder work streams and aligning strategic threat intelligence products to business needs.
Essential Duties and Responsibilities:
Develop and maintain intelligence curation and reporting procedures to meet changing requirements within Cigna and establish an Enterprise intelligence service to support all of Cigna's core business and subsidiary's growing requirements.
Develop, create, and drive current and new reporting methods of Intelligence analysis to peers and leadership teams for purposes of situational awareness and ensuring Intelligence products are actionable (e.g. informing risk decisions, driving product selection, identifying threat vectors, informing Hunt/Red Team actions, etc.)
Establish and maintain relationships within the Cyber Intelligence community to enable communication with law enforcement and peer organizations
Evaluate new intelligence sources and assess Cigna's security and overall IT infrastructure to determine points of integration
Provide briefings and reports to team members and senior leadership regarding the risks to the organization
Coordinate and direct threat intelligence analyst activities in the collection of data and production of intelligence products
Coordinate with leaders across the enterprise to identify where threat intelligence can be a value add and establish the necessary relationships and procedures to integrate intelligence operationally and strategically
Ensure all threat intelligence products are correlated to common threat models and frameworks including MITRE, Kill Chain, etc.
Knowledge, Skills and Abilities:
Proven leader of technical teams responsible for gathering and producing threat intelligence
Proven ability to engage and influence stakeholders across the enterprise to improve current intelligence products and to develop new products
Proven ability to effectively communicate at technical and senior leadership levels
Strong ability to establish effective processes and work across organizations to integrate process as needed
Effective change leader capable of gaining a comprehensive understanding of the current state of people, process and technology, establishing clear, supported strategic plans and effectively communicating plans with team, leadership and other stakeholders
Proven ability to leverage vendor partners where necessary to deliver threat intelligence products
Able to provide recommendations of security improvements by assessing current efficacy of current capabilities/solutions, evaluating trends and anticipating requirements
Strong understanding of common threat models and frameworks in order to correlate and communicate intelligence mapped to MITRE ATT&CK, Kill Chain, etc.
Technical Skills Required:
Strong understanding of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols
Experience with log analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior
Experience utilizing a broad array of security tools including Security Information and Event Management (SIEM) system, intrusion detection systems, web proxy systems, routers, switches, firewall deployment and other tools used to assess network security
Demonstrated knowledge of techniques used to analyze network traffic for malicious activity and perform packet analysis
Maintain partnership and memberships to coordinate with appropriate sources within the intelligence community regarding possible security incidents
Identify, extract, and leverage intelligence from APT or other advanced intrusion attempts
Construct and exploit threat intelligence to detect, respond, and defeat advanced persistent threats
Manage, share, and receive intelligence on adversary groups
Leverage intelligence to better defend against and respond to future intrusions
Soft Skills:
Demonstrated ability to work in a team environment both in-person and remotely
Ability to effectively prioritize tasks and work independently with minimal daily management interaction
Excellent written and verbal communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with peers, IT management and senior leaders
Ability to participate in customer and partner facing meetings and projects, including those that involve technical topics or technical service delivery
Strong analytical skills and ability to creatively challenge current methods and procedures
Ability to operate and contribute effectively as a remote member of a global Information Protection team
Ability to obtain a strong understanding of the technical details involved in current APT threats and exploits involving various operating systems, applications and networking protocols
Strong analytical and problem solving skills
Experience Requirements:
Bachelor degree in Computer Science, Information Technology or equivalent practical experience
Extensive Cyber Security focused experience, threat intelligence or related IT experience
Several years of large enterprise experience with proven ability to manage teams and integrate security products and process across IT and business applications preferred
Preferred Qualifications:
Industry recognized certification in cyber security such as GCIA, GCIH, CISSP or similar are a plus but experience is preferred
Military/Government experience performing Cyber Threat Intelligence work
This role is WAH/Flex which allows most work to be performed at home. Employees must befully vaccinated if they choose to come onsite.
This position is not eligible to be performed in Colorado.
About Cigna
Cigna Corporation exists to improve lives. We are a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. Together, with colleagues around the world, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation. When you work with us, or one of our subsidiaries, you'll enjoy meaningful career experiences that enrich people's lives. What difference will you make?
Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.
If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.
