Info Security Risk Analyst – DAST, SAST and Penetration Testing

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. 

Primary Responsibilities:

• Build an operational network with individuals and teams to serve intra-organizational needs
• Work within matrixed groups alongside multiple leaders, teams, and disciplines
• Collect, analyze, and validate security data for issues with compliance, tools, or workflows
• Drive resolution of security non-compliance by engaging owners, provide knowledgeable support or guidance, remove blocking issues, and escalate problems to responsible teams for resolution
• Prepare, publish, and present reports to engineers and senior executives
• Lead new security initiatives and create new associated reports
• Research policies and security standards
• Learn new security related tools and reporting systems
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• Undergraduate degree or equivalent experience
• Worked with Pen Test using Burp Suite or similar tool
• Exposure to public cloud security services like AWS Security Hub, MS Defender
• Knowledge of DAST and SAST tools like Sonar, Falco etc.
• Working knowledge about K8s container security
• Exposure to tools like Prisma, Nessus and SIEM practices
• Knowledge of:
  • SDLC and Agile Methodologies
  • Managed Business Objectives (MBO)
  • Key Performance Indicators (KPI)
  • Enterprise Governance, Risk and Compliance (eGRC)
  • Product Lifecycle Management (PLM)
  • Disaster Recovery (DR)
  • Multi Factor Authentication (MFA)
  • Application Logging & Monitoring, & SIEM
  • Root Cause Analysis (RCA)
  • Service Organization Control Audits (SOC2)
  • Open-Source Software (OSS)
  • Artifactory Scanning
  • Software Composition Analysis (SCA)
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Penetration Testing (both internal and 3rd Party Vendors)
  • On-Prem Infrastructure scanning & patching
  • Cloud Infrastructure policy, scanning, and remediation (primarily Azure)

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes – an enterprise priority reflected in our mission.