Job Description

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

Positions in this function are involved in monitoring, evaluating, and maintaining systems and procedures to safeguard internal information systems, networks, databases, and Web-based security. Conduct vulnerability assessments and monitor systems, network, databases and Web for potential system breaches. Respond to alerts from information security tools. Report, investigate, and resolve security incidents. Recommend and implement changes to enhance systems security and prevent unauthorized access. Research security trends, new methods, and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach. May oversee internal or external systems security (i.e., cloud services). Ensure that customers and users have the right access to the right systems at the right times.

Primary Responsibilities:

• Conducting penetration tests: Plan, execute, and oversee various types of penetration tests, including network, web application, mobile application, wireless network, and social engineering tests
• Vulnerability assessment: Identify and assess potential vulnerabilities within systems, networks, applications, and infrastructure
• Security assessment: Evaluate the effectiveness of existing security controls and recommend improvements to enhance overall security posture
• Risk analysis: Analyze and prioritize risks based on identified vulnerabilities and potential impact, and provide recommendations to mitigate those risks

Security testing methodologies: Stay up to date with the latest security testing methodologies, tools, and techniques, and apply them effectively during penetration tests * Technical report writing: Prepare detailed reports documenting the findings, vulnerabilities, and recommendations for remediation, ensuring clear and concise communication to technical and non-technical stakeholders

• Client engagement and communication: Interact with clients to understand their security requirements, provide consulting services, and present findings and recommendations in a professional manner
• Security awareness and training: Conduct security awareness sessions and trainings for clients\' employees to educate them about potential security threats and best practices
• Research and development: Continuously stay informed about emerging threats, vulnerabilities, and industry trends, and contribute to the development of new methodologies and tools to improve penetration testing processes

Compliance and regulatory requirements: Ensure that penetration testing activities align with relevant compliance standards and regulations, such as PCI-DSS, HIPAA, or ISO 27001 * Collaboration with teams: Work closely with other teams, such as IT, development, and security operations, to provide guidance on security best practices and assist in remediation efforts.

• Continuous improvement: Identify areas for improvement within the penetration testing process, develop and implement enhancements, and contribute to the overall maturity of the organization\'s security program
• Analyzes and investigates
• Provides explanations and interpretations within area of expertise
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• Undergraduate degree or equivalent experience
• Education: A bachelor\'s or master\'s degree in computer science, information security, or a related field is preferred. Relevant industry certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are highly desirable
• Experience: A minimum of 8 years of experience specifically in penetration testing and security assessments is preferred. This experience should include conducting various types of penetration tests, vulnerability assessments, and security audits across different industries and environments
• Technical expertise: Solid knowledge and hands-on experience with penetration testing tools, frameworks, and methodologies, such as Burp Suite, Metasploit, Nmap, Wireshark, OWASP, etc. Proficiency in scripting languages (e.g., Python, PowerShell) and familiarity with programming languages (e.g., Java, C/C++) are also beneficial
• Industry knowledge: In-depth understanding of industry best practices, standards, and frameworks related to information security, such as NIST
• Cybersecurity Framework, OWASP Top Ten, and ISO 27001

Solid analytical skills: Ability to analyze complex systems, identify vulnerabilities, and assess risks effectively. Solid problem-solving skills and attention to detail are crucial for this role * Communication skills: Excellent written and verbal communication skills to effectively communicate technical findings and recommendations to both technical and non-technical stakeholders. Ability to explain complex security concepts in a clear and concise manner

• Client interaction: Experience working directly with clients, understanding their requirements, and providing consultation and guidance. Solid interpersonal skills and the ability to build and maintain positive client relationships are important
• Teamwork and collaboration: Ability to work well in a team environment, collaborate with cross-functional teams, and provide guidance and mentorship to junior team members, if required
• Continuous learning: Demonstrated commitment to continuous learning and keeping up with the latest security trends, vulnerabilities, and industry developments. Active participation in security communities, conferences, or bug bounty programs is a plus
• Ethics and integrity: A solid commitment to ethical hacking practices, maintaining confidentiality, and adhering to professional standards and codes of conduct

Eligibility
To apply to an internal job, employees must meet the following criteria:

• Minimum duration of 12 months of continuous service in their current grade and position
• Performance rating in the last common review cycle of \xe2\x80\x9cMeets Expectations\xe2\x80\x9d or higher
• Not be on any active CAP (Corrective Action Plan) or active disciplinary action

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone\xe2\x80\x93of every race, gender, sexuality, age, location and income\xe2\x80\x93deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes \xe2\x80\x94 an enterprise priority reflected in our mission.

UnitedHealth Group