DUTIES

Application security is an important aspect of Information Technology at Express Scripts, and we are increasing our capabilities with new opportunities in the Software Engineering department.  Software Engineering Security is a key part of assisting the design, development, and delivery of security hardened application products through the Agile Secure Software Development Life Cycle (SSDLC) and CI/CD pipeline development DevSecOps processes.  The Application Security Engineering (ASE) team is seeking an Application Security Engineer with capabilities in planning and implementing security measures to harden web and mobile applications.

The Security Engineer uses specialized in-depth knowledge and experience to contribute to the design and programming of complex software application programs. This role works closely with software technologist, enterprise solutions architecture, software development, QA/security testing, and Information Security analysts.

RESPONSIBILITIES

AppSec Engineers are responsible for facilitating and accelerating secure software development and delivery.

• Training
  • Research and publish secure application development and security coding best practices guidance for developers and development teams
  • Present secure coding best practices
  • Mentor and develop secure coding best practices with programmers.
• Enabling
  • Design and develop enterprise security utilities and common services to automate security compliance
  • Build and maintain applications, and documentation to support secure development best practices as well as security libraries & common components for reuse by application development teams.
• Assisting
  • Provide vulnerability remediation assistance
  • Conduct Security Code Reviews
• Consults and contributes to technical architectures and strategies for enterprise cybersecurity controls and compliance assurance.
• Participates in the development of solution application design patterns, standards, specifications, procedures & practices.
• Provides cybersecurity architecture & systems engineering consulting to business, IT, and Information Protection teams.
• Reviews projects and provides security standards to the technology, prescribing appropriate protection configurations that will balance business requirements with enterprise technology standards to arrive at the optimal solution.
• Investigates leading technologies in the marketplace and make assessments regarding relevance to security related technology solutions and maintains effective relationships with key technology vendors and industry professionals.
• Training: Mentor junior members of the team and participates in development of team goals & objectives.
• Translate security and technical requirements into business requirements, and communicate security risks to different audiences ranging from business leaders to engineers.
• Develops new detective and investigative capabilities using current technical solutions.
• Grows cyber intelligence capabilities and networks.
• Responsible for identifying continuous security capability improvements that will help protect our computing environments.
• Participate in incident handling and cross-team coordination.

SKILLS

• Ability to define n-tier applications, understanding how they fit into the overall system architecture of a shared SOA platform and supporting IT infrastructure
• Deep knowledge of current technologies including Open Source, J2EE (JSP, Servlet, JSP, etc.), web application development, web services (REST/SOAP/XML), Rich Internet Applications, messaging infrastructures and databases
• Programming “Expert” proficiency in: Java Spring Boot, JavaScript (NodeJS, CucumberJS). 
• Cloud application hosting familiarity: Pivotal Cloud Foundry / AWS / Azure / etc.
• Software Delivery management: Git, Maven, Jenkins
• Ability to provide and implement secure solutions to a wide range of difficult problems
• Ability to lead discussions with all levels of the organization and provide balanced information of an idea or communication of an issue regardless of written or verbal
• Training presentation and mentoring experience
• Demonstrated ability to work collaboratively across project teams
• Ability to work remotely and independently with minimal direct supervision.
• A true team collaborator, translating prior knowledge and experience into strong productive relationships.
• Demonstrated strong understanding and experience with both information security and risk management, including information security assessment, mitigation solution design/implementation, policy and standards

EDUCATION

• 8+ years professional software development experience preferred
  • BS in Computer Science (ABET accredited) or 4 years application development programming experience
    Web and mobile application development experience implementing high volume multi-tier transactional systems, including: mainframe, web applications, encryption, workflow, imaging and web services.
  • Additionally 4+ years application development and testing with application security best practices experience
• Professional Certification (current or pending): CISSP, CEH, or similar

Other Infos

• Location: Remote anywhere in US

This role is WAH/Flex which allows most work to be performed at home. Employees must be fully vaccinated if they choose to come onsite. 

For this position, we anticipate offering an annual salary of $110,300 - $183,800, depending on relevant factors, including experience and geographic location.

This role is also anticipated to be eligible to participate in an annual bonus plan.

Helping our customers achieve healthier, more secure lives is at the heart of what we do. While you take care of our customers, we’ll take care of you through a comprehensive benefits program that helps you be at your best. Starting on day one of your employment, you’ll be offered several health-related benefits including medical, vision, dental, and best in class well-being and behavioral health programs. We also offer 401(k) with company match, company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year and dozens of corporate discounts on essentials you use every day. For more details on our employee benefits programs, please visit the “Life at Cigna” tab on our careersite: www.cigna.com/careers

About Cigna

Cigna Corporation exists to improve lives. We are a global health service company dedicated to improving the health, well-being and peace of mind of those we serve. Together, with colleagues around the world, we aspire to transform health services, making them more affordable and accessible to millions. Through our unmatched expertise, bold action, fresh ideas and an unwavering commitment to patient-centered care, we are a force of health services innovation. When you work with us, or one of our subsidiaries, you’ll enjoy meaningful career experiences that enrich people’s lives. What difference will you make?

Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws.

If you require reasonable accommodation in completing the online application process, please email: SeeYourself@cigna.com for support. Do not email SeeYourself@cigna.com for an update on your application or to provide your resume as you will not receive a response.