Software Engineering Associate Advisor - HIH - Evernorth

Software Engineer Associate Advisor - HIH - Evernorth

Position Overview

The Provider Technology Shared Services Engineering team is seeking a Software Engineer Associate Advisor for a Band 3 Contributor Career Track position.

The Software Engineer Associate Advisor will play a critical role in system development within the broader Provider Technology Solutions and Engineering organization, significantly influencing Operations and Technology Product Management. This position will provide expertise in the engineering, design, installation, and startup of automated security testing solutions, including a self-service onboarding kit that enables users to begin utilizing the solution within minutes. The solutions developed will be accessible to individuals with minimal technical skills and will require no additional coding, ensuring zero maintenance is needed.

As a member of our team, you will operate within a high-performance, high-frequency enterprise technology environment. This role entails collaborating closely with IT management and staff to identify automated solutions that leverage existing resources with tailored configurations for each security testing use case. The objective is to minimize redundancy in solutions while promoting an enterprise mindset focused on reusability and maintaining high standards, ultimately ensuring minimal future maintenance requirements.

The Software Engineer Lead Analyst demonstrates significant creativity, foresight, and sound judgment in the conception, planning, and execution of security initiatives.

Additionally, the Lead Analyst stays informed about the latest advancements in technology, including AI and machine learning, to enhance both existing and new automation solutions. These solutions are designed to optimize production costs while facilitating the addition or updating of features aimed at improving the overall software development lifecycle experiences.

Responsibilities  

• Provide comprehensive consultation to business unit and IT management, as well as personnel, regarding all facets of application development, security testing and automation solutions across diverse development, financial, operational, and computing environments.
• Responsible for performing vulnerability assessments, threat modeling, penetration testing, and team campaigns of the Provider's IT infrastructure and applications, while closely collaborating to identify, evaluate, and remediate potential weaknesses in provider systems utilizing automated methods.
• Provides strategic vision in architectural design and Security Test Automation guidance for the team, emphasizing a thorough evaluation of the quality attributes of a software system. This includes considerations for static, dynamic security tests rather than focusing solely on the functionality of individual features. Additionally, actively oversees and manages the design of supported automation solutions.
• Conduct comprehensive research and evaluation of all potential solutions to recommend the most efficient and cost-effective automation solution that can be reused with an enterprise mindset, facilitating scalability for both existing and new applications with minimal modifications.
• Ensures that engineering solutions are aligned with the overall Technology strategy while addressing all application requirements. 
• Demonstrate industry-leading technical abilities that enhance product quality and optimize day-to-day operations. 
• Understand how changes impact work upstream and downstream including various back end and front-end architectural modules.
• Enhance personnel effectiveness using heat matrices to prioritize Quality and Development Engineering resources on high-impact interfaces while identifying areas of lesser focus.
• Perform automated activities, including analysis of logs, memory, and disk artifacts, utilizing a variety of commercial and open-source security tools to respond to and triage security threats. 
• Troubleshoot and optimize automated solutions and associated artifacts to ensure efficient operation within CI/CD pipelines and on local machines, reducing software and package dependencies or conflicts to improve cycle times.
• Execute on a strategy to hand over the automation solutions to every Agile teams for adoption and use within their areas of focus, requiring zero maintenance and minimal effort for any enhancements without delving into coding.
• Encouraging and building automated processes wherever possible.
• Recognized internally as a subject matter expert.

Qualifications

Required Skills:

• Lead and execute internal and external penetration tests against web applications, APIs, Desktop, networks, Windows and Unix variants to discover vulnerabilities.
• Create comprehensive and accurate penetration testing reports with recommendations for appropriate remediation.
• Develop scripts, tools or methodologies to enhance . penetration testing processes.
• Experience in application vulnerability assessment tools (e.g. Burp, Checkmarx, AppScan, WebInspect, Cenzic, etc.)
• Experience with network and server assessment tools (e.g. Nessus, Metasploit, Nmap, Nikto, etc.)
• Understanding of web application frameworks (React, Spring boot, Ruby on Rails, J2EE, PHP, ASP.NET)
• Strong experience in manual and automated techniques for penetration testing and executing vulnerability assessments.
• Knowledge of Windows and *nix-based operating systems.
• Knowledge of networking fundamentals and common attacks.
• Coding/scripting experience in modern scripting languages (e.g. Python, Ruby, PowerShell).
• Mobile application coding experience with Android/iOS based platforms (e.g. Java, Swift, Objective C).
• Exploit development and validation skills.
• Ability to analyse vulnerabilities, appropriately characterize threats, and provide remediation recommendations.
• Understanding of core Internet protocols (e.g. DNS, HTTP, TCP, UDP, TLS, IPsec)
• Understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc.)
• Demonstrated ability to coordinate people and lead teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities.

Required Experience & Education: 

• A Bachelor's degree in Computer Science or a related field is required.
• 8 - 11 years of professional experience in security and penetration testing experience.
• At least 3 years of experience in Agile methodologies is required.
• Passionate about security and finding new ways to break into systems as well as defend them
• Strong analytical and problem solving skills with the ability to “think outside the box”
• Familiarity with an onshore/offshore operational model is essential.
• Demonstrated experience in the architecture, design, and development of large-scale enterprise application solutions is required.

Desired Experience:  

• Proficient in Security and Penetration Test Automation and automation methodologies.
• Proficient in triaging and identifying security issues, including root cause analysis, connection problems, and application bottlenecks.
• Providing coaching and guidance to team members.

Location & Hours of Work

< >Full-time position, working 40 hours per week. Expected overlap with US hours as appropriatePrimarily based in the Innovation Hub in Hyderabad, India in a hybrid working model (3 days WFO and 2 days WAH)Equal Opportunity Statement

Evernorth is an Equal Opportunity Employer actively encouraging and supporting organization-wide involvement of staff in diversity, equity, and inclusion efforts to educate, inform and advance both internal practices and external work with diverse client populations.

About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.