Monitor security alerts from SIEM/EDR, perform triage and log analysis, identify IOCs, escalate incidents, support incident response, maintain detection rules and documentation, and contribute to SOC continuous improvement.
Requisition Number: 2367702
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
Primary Responsibilities:
Required Qualifications:
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
Primary Responsibilities:
- Security Monitoring & Alert Triage
- Monitor security events and alerts from SIEM, EDR, and other security tools
- Perform initial triage of alerts to determine severity and validity
- Identify false positives and escalate confirmed security incidents
- Continuously review dashboards and security feeds for suspicious activity
- Incident Identification & Escalation
- Validate potential security incidents using logs and contextual data
- Escalate confirmed or high-risk incidents to Incident Response or Security Engineering teams
- Follow established escalation procedures and incident severity guidelines
- Assist in maintaining situational awareness during active incidents
- Log Analysis & Investigation Support
- Analyze logs from multiple sources, including:
- Endpoint security tools (e.g., Microsoft Defender, CrowdStrike)
- Network devices (firewalls, IDS/IPS)
- Authentication systems (Active Directory, IAM)
- Correlate events across systems to identify suspicious behavior
- Assist in determining scope and impact of security events
- Analyze logs from multiple sources, including:
- Threat Detection & Analysis
- Identify indicators of compromise (IOCs) such as malicious IPs, domains, and file hashes
- Assist in mapping alerts to attack patterns using frameworks like MITRE ATT&CK
- Support proactive identification of suspicious trends or anomalies
- Contribute to improving detection accuracy by identifying recurring false positives
- Documentation & Reporting
- Document investigation steps, findings, and escalation details clearly and accurately
- Maintain incident records in ticketing and case management systems
- Provide summaries of security events for internal reporting
- Ensure all actions are properly logged for audit and compliance purposes
- Incident Response Support
- Support Incident Response teams during active security incidents
- Assist with basic containment actions under guidance (e.g., account disablement requests, IP blocking recommendations)
- Participate in incident post-mortems and lessons learned sessions
- Follow established playbooks and runbooks during investigations
- Security Tool Usage & Maintenance
- Operate SIEM platforms (e.g., Microsoft Sentinel, Splunk, QRadar)
- Use EDR tools for endpoint visibility and investigation
- Assist in maintaining dashboards, alerts, and detection rules as needed
- Ensure monitoring coverage across all critical systems
- Continuous Improvement & Learning
- Stay current on emerging threats, vulnerabilities, and attack techniques
- Participate in SOC knowledge sharing and training sessions
- Contribute ideas to improve detection, response, and SOC workflows
- Assist in refining playbooks and alerting logic
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
Required Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience)
- 1+ years of experience in IT, cybersecurity, or SOC environments
- Basic understanding of cybersecurity concepts (malware, phishing, network security, etc.)
- Familiarity with SIEM tools (e.g., Splunk, Microsoft Sentinel, Crowdstrike)
- Exposure to endpoint security tools (e.g., Microsoft Defender, CrowdStrike)
- Proven solid analytical and problem-solving skills
- Proven ability to work in a fast-paced, 24/7 monitoring environment (if applicable)
- Proven excellent written and verbal communication skills
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.
Similar Jobs at Optum
Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
Lead complex security incident investigations, perform log analysis, conduct malware analysis, create incident reports, and collaborate with teams to improve response capabilities.
Top Skills:
AzureEdrEncaseForensic Toolkit (Ftk)Magnet Axiom ForensicsMicrosoft 365RemnuxSIEMWiresharkX Ways Forensics
Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
Design and deploy AI-powered security analytics, build automated ETL pipelines, and create executive Power BI and Power Platform dashboards. Integrate APIs, analyze security datasets to identify trends and anomalies, collaborate with cross-functional security teams, and ensure data integrity across reporting systems.
Top Skills:
AIAPIsETLMachine LearningMicrosoft Power PlatformNlpPower AutomatePower BISmartsheetTableau
Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
Support development and maintenance of Business Continuity and Disaster Recovery plans; conduct BIAs, risk assessments, and dependency reviews; design and run recovery exercises and tabletop simulations; implement AI/automation to improve resiliency and recovery orchestration; maintain documentation, metrics, and recovery knowledge repositories; coordinate incident recovery, stakeholder communications, and remediation tracking; participate in on-call rotation and resiliency training and reporting.
Top Skills:
AIAPIsAutomationAWSAzureDashboardsMass Notification SystemsResiliency Orchestration PlatformsScriptingWorkflow Tools
What you need to know about the London Tech Scene
London isn't just a hub for established businesses; it's also a nursery for innovation. Boasting one of the most recognized fintech ecosystems in Europe, attracting billions in investments each year, London's success has made it a go-to destination for startups looking to make their mark. Top U.K. companies like Hoptin, Moneybox and Marshmallow have already made the city their base — yet fintech is just the beginning. From healthtech to renewable energy to cybersecurity and beyond, the city's startups are breaking new ground across a range of industries.

