Principal Software Engineer – Java FSD, IAM

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

Aikyam is the most advanced “Identity as a Service” Platform within Optum, part of the UnitedHealth Group family of businesses that is aimed to provide a central and universal user identity for identifying and authenticating a user in the healthcare domain. It is built upon open standards like OAuth 2.0, OpenID Connect, SAML 2.0 Web SSO etc. It is a highly available, reliable and scalable service hosted in public cloud. We enjoy the trust of large customers in healthcare industry and government services with operations across United States of America.

Primary Responsibilities:

• Plan, define, design, implement and maintain the solution architecture in the area of internal and external identity & access management solution in public and private cloud environments
• Adopt, implement and define guidelines using open standard identity protocols and mechanisms such as OAuth 2.0/ OpenID Connect, SAML 2.0, Federated Identity Management and SSO
• Mentors other members of the team on Information Security and Secure Development Standards
• Evaluates and recommends new and emerging security methods, best practices, tools, technologies and staying abreast of new threats & vulnerabilities
• Implement Security and Disaster Recovery measures and drive automation in the cloud architecture
• Develop and integrate analytics algorithms using AI and machine learning against security event data in largescale environments
• Help implement data-driven security analytics, reporting and monitoring initiatives and to support security incident analysis with your technical expertise
• Keep yourself up to date on the security aspects of the products, including infrastructure security, application security and cloud security
• Work with the product management, implementation teams to respond to customer security related issues and help define the security roadmap for implementation
• Develop and maintain threat models and perform frequent threat assessments
• Be an IAM SME to provide guidance and consulting services across teams
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• 8+ years of hands-on technical experience in implementing secure enterprise applications using cloud technologies
• 6+ years of relevant experience in Identity & Access Management and Information Security
• Hands-on working experience with SailPoint, ForgeRock, Ping, Okta, OneLogin, Azure AD or similar IAM products
• Hands-on experience on React/NodeJs & other UI frameworks
• Hands-on developer with great coding skills with best practices. We currently use Java, JavaScript, Spring Boot, Spring Cloud, Kubernetes, AWS
• Hands-on experience with security management of virtual machines, containers, and applications
• Good experience in Threat, Vulnerability & Risk management, Infrastructure security
• Demonstrable experience in Site Reliability Engineering and DDoS mitigation techniques
• Knowledge of SANS Top 20 Critical Security Controls and OWASP Top 10 vulnerabilities
• Deep knowledge of OAuth 2.0, OpenID Connect, SAML 2.0, Identity federation, Single Sign-On, RBAC, ABAC, MFA, RBA
• Extensive knowledge and experience with identity and access management technology, such as single sign-on (SSO), two-factor authentication, privileged access management, etc.
• Working knowledge of Scripting languages (Python and PowerShell)
• Solid working knowledge of Web Application Firewalls, HTTP(s), TCP/UDP, SSL/TLS, Forward and reverse proxies, Load balancers
• Solid understanding and development experience on Java, SpringBoot, RESTful Web Services and Microservices
• Good understanding of the web application architectures, TCP/IP networking, cloud computing and data integrity and confidentiality including cryptographic techniques
• Exposure to AWS services, Lambda & containerization
• Cassandra/any other No-SQL exposure
• Proven ability to lead the design, implementation, and management of the organization’s IAM systems and processes
• Proven solid communication skills and presentation skills, leadership skills, problem solving and analytical skills
• Flexible to work with global teams and working on different time zones

Preferred Qualifications:

• AWS Certifications
• Experience in implementing Security Analytics using AI and machine learning
• Experience in healthcare industry applications development and support
• Knowledge of implementation of technology specifications and/or RFCs
• Knowledge of JavaScript and Single Page Applications
• Working knowledge of containers and orchestration (Kubernetes)
• Good understanding of foundational statistics and its applications along with relevant algorithms used for data analysis
• Good understanding of data science methodologies. Distinguish between descriptive, diagnostic, predictive and prescriptive analytic capabilities and their applications
• Good understanding of SCIM2, U2F/UAF/FIDO2, HOTP, TOTP
• Familiarity with security, privacy and compliance standards such as FISMA, FedRAMP, HIPAA, NIST800-53, NIST800-63 and GDPR

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes – an enterprise priority reflected in our mission.