Sr Info Security Engineering Analyst - Agile / pentester - 2251953
UnitedHealth Group
Optum is a global organization that delivers care, aided by technology, to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.
As part of the Cyber Defense (CD) organization, the Vendor Coordinator role is responsible for managing meetings, applications that need to be tested, the resulting findings, and budget for our Pentest Vendors to further CD strategy for UnitedHealth Group (UHG). The Vendor Coordinator will also support the Non-integrated Entities (NIE)/Acquired Entities (AE) Pentest team by providing logistics support and shipping coordination of onsite assets for the pentesters. The coordinator will refer questions from application teams to the appropriate subject matter experts on the team. The portfolio of services the Ethical Hacking team covers includes penetration testing of web apps, networks, entities owned by UHG, and the related technologies/processes that enable the team functions to run at scale within a large, heavily segmented Global Fortune 10 company.
Primary Responsibilities:
- Work as part of an agile team, empowered to execute objectives in a thorough and timely fashion
- Own and be responsible for project delivery (Vendor pentesting) following the Agile methodology, working as an Individual Contributor
- Make presentations to management showing testing progress against goals and available budget, ensure project documentation is accurate and ensure projects are completed on time and within scope
- Communicate to application teams the process involved with a vendor pentest, including timelines and requirements, and elevate any technical questions to appropriate SMEs on the Ethical Hacking Team
- Work with NIE/AE business SMEs to coordinate shipping of onsite testing assets, providing updates to both the NIEs and pentesters
- Interact with Management to understand the requirements and expectations, and deliver with regular status updates
- Proactively identify any problems or blockers, communicating them along with a plan or the assistance needed to overcome them
- Scope applications for pentesting based on risk factors of the applications using existing risk logic and process
- Communicate with teams and vendors, facilitating the process, establishing meetings, and ensuring tests are completed within the timeline outlined in policy and in the vendor statement of work
- Report and communicate vulnerabilities found via vendor and NIE/AE pentesting to the vulnerability reporting system, and facilitate retesting in accordance with policy and vendor statement of work
- Interface with customer contact(s) and staff in a constructive and professional manner
- Ethically operate with appreciable latitude in developing methodology and applying it in the field
- Ability to communicate clearly and effectively through oral or written communication with all levels in the organization
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies with regard to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
Required Qualifications:
- Undergraduate degree or equivalent experience
- 4+ years of experience in project management
- Experience/certifications in Information Security
- Proficiency in at least one scripting language (Perl, Python, Bash, PowerShell, VBA, etc.)
Preferred Qualifications:
- Experience with PowerApps or other automation tools
- Experience/certification in penetration testing (PenTest+, CEH, etc.)
- Experience deploying remote testing infrastructure with callback capabilities, including technologies like VPN, proxies, and C2, is an advantage
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.