Software Engineer

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

This position will design, build, and maintain AWS based automation, internal services, and tooling in Python, including tests and clear documentation.

You will enjoy the flexibility to telecommute* from anywhere within the U.S. as you take on some tough challenges.

Primary Responsibilities:

• Provide limited, short-term operational support for the legacy HashiCorp Vault environment, focusing on stability, incident response, and "keep-the-lights-on" maintenance during its decommissioning phase
• Lead the migration of secrets and encryption workflows from HashiCorp Vault to AWS Secrets Manager and AWS Key Management Service (KMS), ensuring secure, efficient, and disruption-free transitions for application and infrastructure teams
• Design, build, and maintain secure CI/CD pipelines that integrate automated testing, security scanning, and policy enforcement for application and infrastructure changes
• Define and manage AWS infrastructure as code using Terraform, applying reusable modules and safe deployment practices for networking, compute, storage, and security resources
• Partner with the enterprise Compliance and Security teams to implement security initiatives across approximately 81 applications within the UHC Consumer Engineering organization, ensuring best practices are applied to improve security posture and compliance scores
• Execute security visibility objectives to raise MBO scores toward ≥90% targets, track progress and drive adoption of security controls across the portfolio
• Advance enterprise CI/CD security adoption by implementing required pipeline controls, enabling automated blocking of critical vulnerabilities, and achieving ≥95% adoption goals
• Automate security posture and vulnerability reporting to provide actionable insights for engineering teams and support internal governance requirements
• Collaborate with application, infrastructure, and security teams to design secure, observable AWS architectures for containerized and serverless workloads (ECS, Fargate, Lambda)
• Participate in the on-call rotation for DevSecOps tooling, responding to incidents and implementing improvements to strengthen security and reliability
• Contribute to enterprise AI initiatives by developing secure, compliant AI capabilities, helping shift the organization toward building AI solutions rather than solely consuming them

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear directions on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

• 5+ years of professional software engineering experience in a production environment, including building automation tools or platform services using Python, with clean, tested, and maintainable code
• 2+ years of experience leading the design, development, and deployment of medium-complexity features or services
• 2+ years of hands-on work experience with AWS core services (IAM, VPC, EC2/ECS, Lambda, S3, RDS) and monitoring/logging tools such as CloudWatch and CloudTrail in a production setting
• 2+ years of experience building and maintaining CI/CD pipelines with automated testing, security scans, policy enforcement, and infrastructure as code using Terraform or similar tools
• 2+ years of applying DevSecOps practices, including secrets management (Vault or similar), security scanning, dependency checks, and configuration validation to ensure secure deployments
• 2+ years of experience working with observability tools and methods for distributed systems, including structured logging, metrics, alerting, and troubleshooting, along with knowledge of identity and access control principles such as least privilege and role-based access
• 1+ years of experience working directly with production systems, including participation in on-call rotation, and proven ability to collaborate effectively across engineering and security teams

Preferred Qualifications:

• Experience managing HashiCorp Vault in production, including configuring authentication methods, policies, KV and transit engines, performing upgrades, and handling migrations
• Experience working with container and serverless workloads on AWS (ECS, Fargate, Lambda) and applying security and observability best practices to those environments
• Experience improving security and compliance metrics for cloud accounts or applications, including automating vulnerability and configuration reporting
• Experience with security and compliance tools such as static analysis scanners, dependency and container scanning solutions, or cloud security posture management platforms
• Experience writing reusable Terraform modules and supporting multi-account AWS environments
• Hands-on participation in incident response for security events or large-scale dependency vulnerabilities
• AWS certifications such as AWS Certified Developer - Associate or AWS Certified Solutions Architect - Associate
• HashiCorp Certified Vault Associate or similar Vault-related certification.
• Security-focused certifications (e.g., CompTIA Security+, GIAC) are a plus but not required

*All Telecommuters will be required to adhere to UnitedHealth Group's Telecommuter Policy.

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $72,800 to $130,000 annually based on full-time employment. We comply with all minimum wage laws as applicable.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. 

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location, and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups, and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.

#RPO #GREEN