• Own and drive the company’s security strategy, roadmap, and overall posture • Serve as the internal expert on security best practices and risk management • Partner cross-functionally to ensure security is embedded across engineering, product, IT, and legal • Lead threat modeling, secure code reviews, and architecture reviews • Define and enforce secure coding standards and vulnerability management processes • Drive adoption of SAST, DAST, SCA, and other security tooling • Build and maintain security tooling, automation, and infrastructure as code • Implement security controls across application, API, and infrastructure layers • Partner with engineers on authentication, authorization, and data protection • Own vulnerability scanning, patching, and incident response processes • Strengthen cloud security (IAM, networking, secrets, logging, monitoring) • Integrate security into CI/CD pipelines and automate security gates • Partner with Legal to develop and maintain security policies and standards • Lead or support compliance efforts (e.g., SOC 2, ISO 27001) • Stay ahead of evolving regulatory requirements

This is an ENCORE opportunity. You must be a retired Cigna Group employee to be eligible PKI Sr. Security Engineer POSITION SUMMARY PKI Sr. Security Engineer with expertise in managing digital certificates. Prepares plans, coordinates with others to execute, and personally executes other periodic nightly change requests. During normal work hours and periodic 24x7 on-call rotations, troubleshoots certificate related incidents on a variety of production systems to restore proper operation while meeting established service level agreements. Partners with requestors, UNIX administrators, network administrators, application owners, and external entities to implement certificate solutions that increase reliability and security for enterprise applications. ESSENTIAL FUNCTIONS - Architect, deploy, and maintain Microsoft ADCS, including configuration, policy enforcement, and integration with enterprise systems for secure identity and encryption services. - Expertise in Venafi for certificate lifecycle management and policy enforcement. - Administer Luna and nCipher Hardware Security Modules (HSMs). - Develop and enforce certificate policies, standards, and governance frameworks. - Collaborate with cybersecurity, infrastructure, and application teams to integrate PKI solutions across platforms. - Provides deep dive cert troubleshooting expertise on escalation calls and production support calls. - Ensure compliance with regulatory and organizational security requirements (e.g., FIPS, NIST). - Participates in regular key production activities including annual CRL publishing and root key ceremonies. - Govern DigiCert and Sectigo external Certificate Authorities. - Assists with product roadmap. - Reports progress using data-driven metrics. QUALIFICATIONS SHOULD INCLUDE - Bachelor’s Degree or higher in Information Systems or related field. - 2+ years of hands-on experience with PKI, such as familiarity with Venafi, Microsoft’s ADCS, Entrust, DigiCert applications, including running expiration reports. - 4+ years of Linux systems administration including package management - 4+ years of scripting experience such as Ansible, bash, PowerShell or Python is preferred. - Proficient in PKI technologies, including code signing, Certificate Revocation Lists (CRL), Certificate Enrollment Policy/Services (CEP/CES), and Network Device Enrollment Service (NDES). - Extensive knowledge of SSL/TLS, public/private certificate signatures, cryptographic algorithms, certificate authorities and truststores. - Security related industry certification is a plus. - Working knowledge of TCP/IP networking/routing concepts and familiarity with firewalls, hubs, routers, switches, DNS, gateways and F5 load balancers. - Proficiency in both UNIX and Windows systems with ability to navigate, search, determine ownership, execute certificate related commands, etc. - Familiarity with general tools such as Java Keytool, Keystore Explorer, OpenSSL and Putty. - Experience configuring and troubleshooting web, application, and middleware technologies is a plus. - Strong organizational skills. Ability to prioritize, plan and perform multiple tasks simultaneously, including tracking the status of multiple certificates without losing focus. - Able to self-start and work independently in a self-directed manner in complex, dynamic, large scale, multi-platform distributed middleware environments with minimal direction. - Advanced detail-oriented problem-solving skills and the ability to build relationships and work collaboratively with other departments to resolve complex issues with innovative solutions. - Demonstrated ability to quickly learn and communicate concepts and ideas effectively both verbally and in writing across all levels of the organization - Possesses strong customer service focus with a willingness to accommodate deadlines, including implementing after-hour change requests on a rotational basis. - Familiarity with healthcare or PBM industry is helpful. - This is an ENCORE opportunity. You must be a retired Cigna Group employee to be eligible If you will be working at home occasionally or permanently, the internet connection must be obtained through a cable broadband or fiber optic internet service provider with speeds of at least 10Mbps download/5Mbps upload. About The Cigna Group Doing something meaningful starts with a simple decision, a commitment to changing lives. At The Cigna Group, we’re dedicated to improving the health and vitality of those we serve. Through our divisions Cigna Healthcare and Evernorth Health Services, we are committed to enhancing the lives of our clients, customers and patients. Join us in driving growth and improving lives. Qualified applicants will be considered without regard to race, color, age, disability, sex, childbirth (including pregnancy) or related medical conditions including but not limited to lactation, sexual orientation, gender identity or expression, veteran or military status, religion, national origin, ancestry, marital or familial status, genetic information, status with regard to public assistance, citizenship status or any other characteristic protected by applicable equal employment opportunity laws. If you need a reasonable accommodation to complete the online application process, please email seeyourself@thecignagroup.com for assistance. Please note that this email inbox is dedicated to accommodation requests only and cannot provide application updates or accept resumes. The Cigna Group has a tobacco-free policy and reserves the right not to hire tobacco/nicotine users in states where that is legally permissible. Candidates in such states who use tobacco/nicotine will not be considered for employment unless they enter a qualifying smoking cessation program prior to the start of their employment. These states include: Alabama, Alaska, Arizona, Arkansas, Delaware, Florida, Georgia, Hawaii, Idaho, Iowa, Kansas, Maryland, Massachusetts, Michigan, Nebraska, Ohio, Pennsylvania, Texas, Utah, Vermont, and Washington State. Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.

Role Description The Security Engineer is responsible for building, maintaining, and improving defensive security measures, tools, and processes that protect systems, applications, and data. This role works closely with the Security, DevOps, and Engineering teams to proactively identify risks, remediate vulnerabilities, and strengthen the overall security posture of the organization. - Maintain and enhance intrusion detection and prevention systems (IDS/IPS). - Support the vulnerability management lifecycle, including scanning, triage, remediation, and reporting. - Develop and maintain security automation scripts and tooling to improve efficiency and reduce manual work. - Partner with SOC Analysts during incident response to investigate, contain, and remediate threats. - Collaborate with DevSecOps engineers to secure CI/CD pipelines, containers, and cloud infrastructure. - Conduct regular security assessments of infrastructure, applications, and configurations. - Assist in implementing and maintaining endpoint security controls and monitoring solutions. - Research emerging threats, attack techniques, and security tools, applying them to strengthen defenses. - Document security standards, procedures, and response playbooks. Qualifications - 3+ years of experience in security engineering, system administration, or related roles. - Solid understanding of network security concepts (firewalls, IDS/IPS, proxies, VPNs). - Experience with vulnerability management tools and processes. - Strong scripting skills in Python, Bash, or PowerShell for automation and tooling. - Familiarity with cloud platforms (AWS, Azure, or GCP) and securing cloud-native services. - Hands-on experience with endpoint security tools and monitoring solutions. - Strong analytical and problem-solving skills with the ability to think like an attacker. Requirements - Experience securing containerized workloads (Docker, Kubernetes). - Knowledge of compliance frameworks (PCI-DSS, SOC 2, NIST, ISO 27001). - Familiarity with SIEM solutions and log analysis. - Experience with Infrastructure as Code (Terraform, CloudFormation). Benefits - 💵 Competitive USD salary - 🌴 20 business days of vacation per year + 6 National holidays - 🐣 Family Leave - 💻 A dynamic remote work culture. You can work from Anywhere! - 🚀 An entrepreneurial environment.

ABOUT US Syniti is the enterprise data partner, empowering anyone who relies on data to make business-critical decisions by delivering data they can trust through a unique combination of intelligent software and experts who deeply understand the role of data in enterprise growth. Trusted by the Fortune 2000, Syniti helps leading businesses reconfigure the role of enterprise data from afterthought to foundational first step; enabling them to unlock valuable insights that ignite growth, reduce risk, and expand their competitive advantage. Syniti’s Data First philosophy and enterprise data management platform supports data migration, data quality, data replication, data matching, master data management, analytics, data governance, and data strategy in a single, unified solution. As an innovative, global leader in Enterprise Data Management, the combination of our award-winning software platform and premier consultants creates a unique advantage for leading enterprises. Syniti is also a preferred data solution used by the world’s top system integrators. Headquartered in Boston, Massachusetts with offices in 25 countries around the world, Syniti operates in all global regions and industry verticals, and maintains a 100% client success rate across thousands of complex data projects and initiatives. THE ROLE The Network & Information Security Manager will oversee both the security posture and network architecture of Syniti’s global SaaS platform, spanning AWS, Azure, and SAP BTP environments. The role is responsible for meeting regulatory standards including FedRAMP High, IL4/IL5, CMMC 2.0 Level 2, ITAR, and UK Cyber Essentials+. This role leads security architecture reviews, incident readiness, and also serves as the technical lead for network design, implementation, and optimization. This includes responsibility for network segmentation, secure connectivity, and inter-region network architecture using technologies such as AWS Cloud WAN, AWS Transit Gateway, Azure Virtual WAN, PrivateLink, and SAP BTP interconnectivity options. As a strategic security and network leader within Cloud Operations, this role collaborates with Engineering, SRE, Compliance, and external auditors to implement and maintain zero trust principles, control enforcement, and secure network transport. WHAT YOU WILL DO - Own and manage vulnerability management program across cloud and containerized workloads. - Oversee threat detection, incident response, and forensic analysis coordination with external SOC provider. - Own and manage network design, segmentation, and secure interconnectivity across AWS, Azure, and SAP BTP environments using services like Cloud WAN, Transit Gateway, Azure Virtual WAN, and PrivateLink. - Ensure security logging and monitoring controls meet customer-facing audit and compliance requirements. - Serve as security SME for FedRAMP, IL4/IL5, ITAR, and international compliance programs. - Develop technical policies and standards in partnership with engineering and compliance stakeholders. - Facilitate risk assessments in conjunction with the Compliance Manager and provide security architecture review of platform services and infrastructure changes. WHAT IT TAKES Professional Skills & Abilities - Strong understanding of cloud-native security models, including IAM, encryption, container security, and logging. - Excellent communication skills and ability to work with cross-functional technical teams and executives. - Hands-on experience leading or implementing security programs in highly regulated SaaS environments. Technical Skills & Experience - 10+ years of experience in networking and cybersecurity or infrastructure security roles. - Experience with vulnerability management, SIEM , EDR (Crowdstrike/Sentinel one), CSPM and CNAPPs - Familiarity with AWS/Azure security tooling and KMS/Secrets Manager integration. - Experience working in or supporting FedRAMP, DoD IL, ITAR, or similar compliance programs. - Relevant security certifications preferred (CISSP, CISM, CISA, CCSP). - Relevant network certifications preferred (CCNP, CCDP, CCIE and AWS/Azure Network specialist certifications) Hands-on experience with AWS and Azure networking technologies (e.g., VPC, Cloud WAN, Transit Gateway, PrivateLink, Azure Virtual WAN, ExpressRoute). WHAT WE OFFER - Trust that you are good at what you’re doing. At Syniti you will find a supportive environment and access to learning tools, but micromanagement is not our thing. - Growth. We are growing rapidly and steadily solving the biggest challenges enterprise companies are faced with today. There was never a better time to join and grow with us. Most importantly you will have the chance to shape our journey and share in our success story. - Support. We all rely on each other and enable each other to be successful. You won’t stand alone. - Curiosity and genuine interest in you. We all have our different stories, all equally fascinating with each depicting a different journey and we want to hear them all. - Recognition. We are the sum of individual achievements and we always take the time to celebrate them. - An open organisation. Hierarchies are not our thing and access is something we make sure of across the board. We are a family where everyone is just as important, everyone’s work is seen and ideas valued. Our Commitment to Inclusion At Syniti, we’re committed to creating a respectful, inclusive, and fair workplace where everyone belongs and thrives. We believe that diverse perspectives make us stronger — and we value the unique backgrounds, experiences, and voices each person brings to our team. We welcome applicants based on their skills and potential, and we’re dedicated to ensuring equal opportunities for all, regardless of personal background. If you need accommodations during the hiring process, please let us know — we’re here to support you. Syniti discloses salary range information in compliance with state and local pay transparency obligations. The disclosed range represents the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting, although we may ultimately pay more or less than the disclosed range, and the range may be modified in the future. The disclosed range takes into account the wide range of factors that are considered in making compensation decisions including, but not limited to: relevant education, qualifications, certifications, experience, skills, seniority, performance, sales or revenue-based metrics, and business or organizational needs. At Syniti, it is not typical for an individual to be hired at or near the top of the range for their role. The base salary range for this role is $120,000 - $200,000. This role may be eligible for other compensation including variable compensation, bonus, or commission. Full time regular employees are eligible for paid time off, medical/dental/vision insurance, 401(k), and any other benefits to eligible employees. Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law