Pursue your passion and potential
Principal Identity Engineer - Remote or Hybrid in MN or DC
Eden Prairie, Minnesota
Caring. Connecting. Growing together.
With these values to guide us, our people are committed to making a meaningful difference in the lives of those we are honored to serve.
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
The Enterprise Information Security (EIS) team is responsible for cybersecurity across our organization. We support our business and members by reducing risk, rapidly responding to threats, focusing on business resiliency and securing new acquisitions.
The Principal Identity Engineer serves as the senior technical authority for identity security within mergers and acquisitions (M&A) environments. This role is responsible for identifying, prioritizing, and remediating identity-related vulnerabilities and misconfigurations across on-prem Active Directory, Microsoft Entra, and other associated identity platforms within acquired entities.
This role operates at the intersection of identity engineering, security remediation, and acquisition execution. The Principal Identity Engineer partners closely with acquisition IT teams, Enterprise Security, IAM platform owners, and integration teams to drive measurable improvements in identity posture while providing subject matter expertise throughout the acquisition lifecycle.
Success in this role requires deep hands-on identity expertise, the ability to lead remediation efforts through influence, and the discipline to balance speed, risk reduction, and enterprise standards in environments that are often incomplete or inconsistent.
You'll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.
Primary Responsibilities:
Key Accountabilities
- Serve as the primary identity security SME for acquisition environments, accountable for identity risk reduction and remediation outcomes
- Lead identification and remediation of identity vulnerabilities and misconfigurations across:
  - On-prem Active Directory
  - Microsoft Entra or equivalent IDP (ID, Conditional Access, Identity Protection)
  - Hybrid identity configurations
- Partner with acquisition teams to remediate identity gaps without disrupting clinical, business, or operational continuity
- Provide clear, actionable identity guidance aligned to enterprise standards while accounting for acquisition constraints
- Act as a trusted advisor to security and integration leadership on identity risk, remediation sequencing, and residual risk decisions, and help the business understand the potential impact of any proposed changes
Core Responsibilities
Identity Assessment & Remediation
- Perform detailed identity security assessments within acquisition environments, including:
  - Active Directory hygiene and trust configurations
  - Privileged access models
  - Authentication and authorization controls
  - Conditional Access and MFA posture
- Identify, prioritize, and drive remediation of:
  - Critical and high risk identity vulnerabilities
  - Insecure defaults and legacy configurations
  - Excessive privilege and weak administrative controls
- Define pragmatic remediation plans that balance:
  - Risk severity
  - Business impact
  - Acquisition timelines and constraints
Engineering & Execution
- Enable core UHG teams to gain visibility into acquisition identity infrastructure & configuration
- Execute or guide hands-on remediation activities in partnership with acquisition IT teams
- Develop and apply repeatable remediation patterns for common acquisition identity issues
- Support secure configuration of Microsoft Entra features where appropriate to reduce risk quickly
- Validate remediation effectiveness and support evidence collection for audit and assurance needs
Advisory & Enablement
- Provide SME-level identity expertise to:
  - Acquisition security leads
  - Integration teams
  - Enterprise IAM and platform owners
- Translate complex identity risks into clear, business relevant language for stakeholders
- Advise on interim, compensating, and long-term identity controls where full remediation is not immediately feasible
Cross Team Collaboration
- Partner with:
  - Enterprise IAM and Directory Services teams
  - Endpoint and infrastructure security teams
  - Incident response and threat teams as needed
- Ensure identity remediation activities align with enterprise standards and long-term platform direction
- Escalate systemic identity risks and patterns observed across multiple acquisitions
You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Required Qualifications:
- Bachelor's degree in Information Security, Computer Science, Engineering, or equivalent engineering degree
- 8+ years of experience in identity engineering, directory services, or IAM security roles
- Hands-on experience with Active Directory (design, security, remediation) and Microsoft Entra or equivalent IDP (identity, access, and protection features)
- Proven experience remediating identity risks in complex, inherited, or nonstandard environments
- Demonstrated solid understanding of identity attack paths, privilege escalation, and common directory misconfigurations
- Demonstrated ability to operate effectively in ambiguous, time constrained environments
- Ability to travel up to 20% (US only) based on acquisition needs
- Ability to work occasional nonstandard working hours aligned to remediation activities and integration timelines
Preferred Qualifications:
- Experience supporting M&A or large-scale environment integrations
- Healthcare or other highly regulated industry experience
- Demonstrated familiarity with identity-related security frameworks and guidance (e.g., NIST, Zero Trust principles)
- Experience partnering with audit, risk, or assurance teams on identity findings
- Ability to mentor and uplevel engineers on identity security fundamentals
Soft Skills:
- Pragmatic and outcome focused, with solid technical judgment
- Comfortable leading remediation efforts through influence rather than authority
- Clear, direct communicator who avoids unnecessary complexity
- Solid sense of ownership for identity risk reduction outcomes
- Able to balance speed with sustainability in high pressure integration scenarios
*All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy.
Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $112,700 to $193,200 annually based on full-time employment. We comply with all minimum wage laws as applicable.
Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone, of every race, gender, sexuality, age, location and income, deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
Benefits
Our mission of helping people live healthier lives extends to our team members. Learn more about our range of benefits designed to help you live well.
Life
Resources and support to focus on what matters most to you, in every facet of your life.
Emotional
Education, tools and resources to help you reduce and manage stress, build resilience and more.
Physical
Health plans and other coverage to support wellness for you and your loved ones.
Financial
Benefits for today and to help you plan for the future, including your retirement.