Senior Manager Software Engineering

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.  

We are seeking a hands-on Principal Information Security Engineer to join our Chief Data Office team. At CDO we are entrusted with providing strategic oversight and modern data solutions to support UHG in unlocking the true potential of Data. You will play a crucial role in improving our security and vulnerability posture across our data platforms and services by implementing technical controls and developing reusable security tooling that can be automated and repeated. Additionally, you will write comprehensive documentation and best practices to ensure consistent security standards across the organization. If you are passionate about proactive defense and continuous improvement, we want to hear from you. 

Primary Responsibilities:

• Cloud Security Strategy: 
  • Develop and implement security strategies tailored to the cloud segment to ensure the protection of cloud-based data and infrastructure
  • Perform gap analysis of security and compliance controls, assess the risks, prioritize, and propose remediation plans
  • Research, propose, and implement technical controls in partnership with other Security and Engineering teams that address existing gaps in security, proactively defend against upcoming threats, and enforce the organization’s security policies
• Risk Management: 
  • Identify, assess, and mitigate security risks associated with cloud operations and technologies
  • Remediate security configurations and address root issues
• Compliance: 
  • Ensure compliance with relevant cloud-specific regulations and standards
  • Ensure appropriate network and access controls are in place and actively monitored
  • Implement automated, proactive security checks into the CI/CD pipelines
  • Participate in regulatory and compliance activities as necessary 
  • Monitor the security and compliance posture of the organization
  • Partner with EIS, engineering, product and vendor teams to assess, mitigate and standardize compliance reporting
• Policy Development: 
  • Develop and enforce security policies and procedures specific to cloud operations
  • Develop, document, and communicate security standards and procedures across the engineering teams
  • Advise on secure architecture best practices and design patterns
  • Provide security guidance to engineers and data scientists, and champions good security hygiene
• Collaboration: 
  • Work closely with CDO, Infrastructure, application IT teams and cloud segment leaders to integrate security measures into cloud services and applications
• Policy Development: 
  • Develop and enforce security policies and procedures specific to cloud operations
• Audit and Assessment: 
  • Support security audits and assessments to ensure the effectiveness of security measures within the cloud segment
• Business Partnership: 
  • Foster solid relationships with IT leaders and stakeholders to ensure security measures support and enhance business objectives
  • Collaborate with Line of Business (LOB) IT units to understand their needs and provide tailored cloud security solutions
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• Bachelor’s degree in computer science, cybersecurity, information security, a similar technical field, or equivalent professional experience can substitute for a degree
• 8+ years of experience in architecting, supporting, maintaining, configuring, and securing IT infrastructure, data platforms and applications
• 4+ years of experience with MS Azure, GCP  in a production environment
• 3+ years of development experience in IaC using Terraform
• 2+ years of experience with a scripting language like Python 
• Solid experience in security engineering, including areas like network security, application security, and endpoint security 
• Experience with scripting or programming languages like Python, PowerShell, or shell scripting, for automation and security tasks 
• Experience in performing risk assessments and developing mitigation strategies 
• Deep knowledge of major cloud platforms like AWS, Azure, and GCP, including their native security services and tools 
• Proficiency with security tools for vulnerability scanning, penetration testing, compliance monitoring, and other security-related tasks 
• Proven excellent communication and collaboration skills to effectively work with diverse teams and stakeholders 
• Proven solid analytical and problem-solving skills to address complex security challenges 

Preferred Qualifications:

• Advanced knowledge of security automation and orchestration
• Good understanding of networking components and architectures

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes – an enterprise priority reflected in our mission.