Senior Info Security Engineer

Requisition number: 2304535
Job category: Technology
Job location: Arlington, VA
(Remote considered)


Optum is a global organization that delivers care, aided by technology, to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

The Senior Security Engineer is responsible for serving as a Subject Matter Expert (SME) on security across Optum Serve. This role will work as part of the security team to implement and maintain solutions, ensuring alignment with both Enterprise Security and Resilience Office (ESRO) standards and Optum Serve standards. The selected candidate will work to standardize security controls that safeguard networks and systems supporting the U.S. Federal Government, with a specific focus on Incident Response Management (IRM). 

Optum Serve helps federal agencies and communities across the nation tackle some of the biggest challenges in health care. We help our clients and the communities they serve to prevent, prepare for, respond to, and recover from emergencies and long-term public health challenges. 

You’ll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on these important challenges. 

Primary Responsibilities: 

  • Serve as a Subject Matter Expert (SME) on Incident Response Management (IRM), including relevant security toolsets across both cloud and on-premises environments 
  • Lead the implementation, integration, and tuning of incident detection, investigation, and response capabilities, collaborating with Optum security teams to ensure timely and effective response to security events
  • Evaluate and recommend incident response processes, controls, and tooling for on-premises, cloud, and hybrid infrastructures to enhance organizational IRM readiness and resilience 
  • Develop and optimize incident response strategies, workflows, and procedures, applying innovative solutions to complex security incidents and emerging threats 
  • Act as a key liaison with Business and IT Groups throughout incident analysis, post-incident review, and security planning, ensuring alignment with organizational risk posture and regulatory requirements 
  • Create, test, and maintain IRM-specific playbooks and runbooks, partnering with multifunctional teams to ensure preparedness and consistent, high-quality incident handling 
  • Conduct regular security incident simulations and tabletop exercises to validate IRM capabilities and drive continual process improvement 
  • Assess vulnerabilities and threat vectors across cloud and on-premises environments, prioritizing risk and ensuring effective incident response and remediation plans are in place 
  • Oversee day-to-day IRM operational activities and ensure incident metrics, KPIs, and incident records are accurate, timely, and actionable 
  • Maintain up-to-date expertise in incident response best practices, emerging threats, and regulatory requirements to ensure the company’s assets are protected and recoverable after incidents 
  • Lead or participate in all phases of the incident response lifecycle, including investigation, containment, eradication, recovery, and lessons learned 
  • Provide off-hours support for critical security incidents and participate in the on-call rotation to ensure rapid cross-team response as needed

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications: 

  • High School Diploma/GED (or higher)
  • At least one industry-recognized information security certification (e.g., CISSP, CISM, CISA, or equivalent) with strong knowledge of incident management practices 
  • Incident Response or Security Operations certification(s) (e.g., GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), or equivalent), or demonstrated hands-on incident response leadership in enterprise environments 
  • 6+ years of experience working in a large enterprise environment, with demonstrated capability in leading or participating in end-to-end incident response, investigation, and threat containment activities 
  • 5+ years of direct experience in information security with a focus on incident response 
  • 5+ years of experience implementing and aligning key cybersecurity standards (such as NIST 800-53, NIST 800-171), with extensive hands-on engagement in incident response planning and execution 
  • 3+ years of experience with certification and accreditation processes, such as NIST Risk Management Framework (RMF), DIACAP, or equivalent federal/regulatory compliance frameworks, with direct involvement in mapping incident response requirements to controls and documentation 
  • 2+ years of experience in vulnerability and threat management (network, application, system, cloud), specifically incorporating vulnerability exploitation, detection, analysis, and coordinated response as part of the IRM function
  • United States citizenship 
  • Ability to obtain and maintain a suitability or determination of eligibility for a Confidential/Secret or Top Secret security clearance

Preferred Qualifications: 

  • Demonstrated ability to prepare and deliver executive-level written communications and presentations related to security incidents, incident response metrics, and post-incident reviews 
  • Experience supporting federal security programs (such as DoD, VA, DHS), with direct involvement in incident response, breach reporting, or regulatory compliance for incident management 
  • Experience leveraging ServiceNow Security Operations (SecOps) and Integrated Risk Management (IRM) modules to streamline incident response processes, track security events, and manage risk workflows across cloud and on-premises environments 
  • Prior military service, particularly in cyber operations, computer network defense, or security incident management roles 
  • Experience with endpoint security platforms in the context of threat detection, containment, and incident response 
  • Proficiency with tools for vulnerability identification, assessment, and prioritization as part of coordinated incident response efforts
  • Familiarity with tools to map and contain privileged access and lateral movement 
  • Experience monitoring and managing network security devices to detect, contain, and analyze incidents at the network level 
  • Practical experience incorporating data loss prevention (DLP) into IRM processes 
  • Experience with multi-cloud environments (such as Azure, AWS, Google Cloud), including ability to lead or support incident response efforts across diverse platforms 

*All Telecommuters will be required to adhere to UnitedHealth Group’s Telecommuter Policy.

 

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives. The salary for this role will range from $89,900 to $160,600 annually based on full-time employment. We comply with all minimum wage laws as applicable.

 

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. 

 

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants. 

 

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location, and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups, and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.

 

 

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. 

 

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.

 

 


Additional job information

Requisition number: 2304535

Business segment: Optum

Job level: Individual Contributor

Willingness to travel: No

Country: US

Overtime status: Exempt

Telecommuter position: Yes