Optum

Senior Cybersecurity Analyst

Posted 4 Hours Ago
In-Office
Noida, Gautam Buddha Nagar, Uttar Pradesh
Senior level
As a Senior Cybersecurity Analyst, you will lead incident response activities, collaborate with teams to manage incidents, and improve security posture through analysis and forensics.
The summary above was generated by AI
Requisition Number: 2347614
Optum is a global organization that delivers care, aided by technology, to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
As a senior member of the Security Incident Response Team, you will lead the detection, triage, containment, eradication, and recovery of cybersecurity incidents across on-prem and cloud environments. You will act as a technical authority during major incidents, drive continuous improvement through post-incident reviews, and partner with engineering, risk, and compliance teams to strengthen the organization's overall security posture.
Primary Responsibilities:
  • Incident Detection, Response & Recovery
    • Own and manage the full incident response lifecycle: identification, triage, containment, eradication, recovery, and closure
    • Analyze and correlate alerts from SIEM and security telemetry (e.g., Splunk, EDR, email, proxy, DLP, cloud-native logs)
    • Lead response for high-severity incidents and security breaches, including ransomware, data exfiltration, insider threats, and cloud compromise
  • Incident Command & Collaboration
    • Act as a technical incident lead or deputy incident commander during major incidents and war rooms, ensuring clear communication and timely decision-making
    • Collaborate with IT, Cloud, Engineering, Legal, Risk, Privacy, and Business teams to ensure coordinated containment and remediation
    • Engage with vendors, MSSPs, and external partners during escalated incidents when required
  • Cloud & Modern Infrastructure Security
    • Investigate and respond to incidents across cloud platforms (Azure, AWS, GCP), including IAM abuse, misconfigurations, exposed services, and compromised workloads
    • Partner with engineering teams to improve cloud detection, logging, and preventive controls based on incident learnings
  • Threat Analysis, Forensics & Lessons Learned
    • Perform root cause analysis and forensic investigations to determine attack vectors and blast radius
    • Conduct post-incident reviews and lessons-learned sessions, driving measurable improvements in tooling, playbooks, and response times
    • Maintain high-quality incident documentation and executive-ready reporting
  • Process, Automation & Readiness
    • Develop, refine, and maintain incident response playbooks, runbooks, and SOPs aligned with industry best practices
    • Contribute to tabletop exercises, purple-team activities, and simulations to test readiness and identify gaps
    • Identify opportunities for automation and orchestration (SOAR, scripting) to improve detection and response efficiency
  • Risk, Compliance & Governance
    • Support ISO 27001, HITRUST, and regulatory audits with evidence, incident metrics, and control validation
    • Demonstrate solid understanding of risk acceptance, risk exceptions, and vulnerability management in the context of incident response
  • Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:
  • 5+ years of hands-on experience in Security Operations / Incident Response / SOC roles
  • Proven experience handling major security incidents in enterprise environments
  • Solid expertise in SIEM, log analysis, and security monitoring
  • Solid understanding of attack techniques, malware, OWASP Top 10, MITRE ATT&CK, and common threat vectors
  • Working knowledge of ITIL processes (Incident, Problem, Change) as applied to security incidents

Preferred Qualifications:
  • CISSP, GCED/GCIA/GCIH, Security+, CEH
  • Cloud certifications: AZ-900 / AWS Security / GCP Security
  • Experience with cloud-native security and large-scale distributed environments
  • Exposure to SOAR platforms, scripting (Python/PowerShell), or automation in IR workflows
  • Experience operating in 24x7 global incident response teams
  • Ability to translate technical findings into business and executive-level impact

Competencies for High Performers
  • Calm and decisive under pressure
  • Solid ownership and accountability mindset
  • Excellent written and verbal communication
  • Process-driven with a continuous improvement approach
  • Collaborative, mentor-oriented team player

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

Top Skills

AWS
Azure
CISSP
DLP
EDR
GCP
PowerShell
Python
Security+
SIEM
Splunk
