Information Protection Senior Advisor (Product Security - DevSecOps)
Role details
Job description
- Partner with development teams to embed security practices that enable safe, scalable, and high-quality product delivery
- Design and implement automated security solutions within CI/CD pipelines to strengthen application security posture
- Integrate and optimize application security testing tools (SAST, DAST, SCA, MAST) across multiple development environments
- Influence secure architecture decisions by contributing to the design and implementation of modern applications and platforms
- Lead security assessments, threat modeling, and vulnerability analysis to proactively identify and reduce risk
- Develop and enhance reusable security services, tooling, and automation frameworks that support enterprise-wide DevSecOps maturity
- Provide expert guidance to engineering teams on secure development practices and emerging security trends
- Strengthen collaboration across cross-functional teams to promote a culture of shared security ownership
- Ensure alignment with regulatory and compliance requirements (e.g., HIPAA, PCI-DSS, GDPR) where applicable
- Improve security operational efficiency, performance, and cost optimization across application environments
Requirements
- 8+ years of experience in cybersecurity, with a focus on application or product security
- Proven experience integrating and automating security tools in CI/CD pipelines
- Strong understanding of secure software development principles and modern SDLC practices
- Hands-on experience with application security testing tools (SAST, DAST, SCA, MAST)
- Experience designing and implementing security solutions across complex development environments
- Familiarity with cloud platforms (AWS, Azure, or Google Cloud) and securing cloud-native applications
- Strong interpersonal skills with the ability to influence and collaborate across engineering teams
- Demonstrated ability to work effectively in Agile environments
Preferred Qualifications
- Experience with security automation and orchestration frameworks
- Knowledge of regulatory and compliance frameworks (HIPAA, GDPR, PCI-DSS)
- Proficiency in scripting or programming languages such as Python, Java, or Shell
- Experience securing applications built with modern technologies (e.g., Java, Angular)
- Industry certifications such as CISSP, CISM, CEH, or equivalent
- Advanced degree in Computer Science, Information Security, or a related field
If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload.
Benefits & conditions
For this position, we anticipate offering an annual salary of 124,600 - 207,600 USD, depending on relevant factors, including experience and geographic location.
This role is also anticipated to be eligible to participate in an annual bonus plan.
At The Cigna Group, you'll enjoy a comprehensive range of benefits, with a focus on supporting your whole health. Starting on day one of your employment, you'll be offered several health-related benefits including medical, vision, dental, and well-being and behavioral health programs. We also offer 401(k), company paid life insurance, tuition reimbursement, a minimum of 18 days of paid time off per year, paid holidays, and leaves of absence. For more details on our employee benefits programs, see https://jobs.thecignagroup.com/us/en/benefits.
About The Cigna Group
Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we're dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives.