Job Components (List the major job responsibilities, accountabilities and key responsibilities in order of priority. Also include any relevant scope measures as they pertain to the duties listed below):
- Support the vision and mission of CDO Assurance.
- Broker a collaborative security culture to the larger Optum community.
- Serves in a leadership capacity, formulating and implementing cybersecurity technology and procedures.
- Solves ambiguous, complex problems with sustainable solutions that will work with a diverse set of customers across multiple cloud service providers.
- Serves as a senior Subject Matter Expert (SME) for approaches, procedures, and implementation of data systems.
- Collaborates with director, managers, project managers, architects, and other technical leads to ensure continuity and communication across teams.
- Mentors and coaches cyber security individuals to provide guidance and expertise, promoting continued integration of technological advances to further enhance security.
- Develops sustainable cloud solution patterns that scale across a diverse and sometimes opposing collection of use cases.
- Participate in customer engagements to understand their challenges and recommend best practices.
- Create best practices that enable Application DevOps teams with the ability to onboard to CDO tool sets providing them with security analysis within the build process and post deployment.
- Coach and advise customers on best practices for building in Azure, GCP, and on-premise cloud solutions.
- Research, investigate, and test new capabilities to help solve customer problems in cloud.
- Build and expand effective relationships with constituent stakeholders – affiliates, audit and compliance, application and platform teams, and the larger EIS.
- Must be well versed in Continuous Integration and Continuous Deployment tools used by modern application development in cloud including Jenkins and GitHub.
- Working knowledge of Kubernetes and at least one of the major cloud service providers – Azure, AWS, or GCP.
- 4 or more years in cyber defense operations which may include 3 or more years demonstrated technical expertise in DevSecOps (ex: Cloud and Container Security and/or securing application pipelines, etc.)
- 4 or more years demonstrated technical expertise in continuous control testing (ex: vulnerability and configuration scanning, application DAST, SAST, and IAST, penetration testing
- Ability to enable security controls and tools that enable DevOps self-service and can scale to thousands of workloads
- You will be asked to perform this role in an office setting, however, may be required to work from home temporarily due to space limitations.
- Employees are required to screen for symptoms using the ProtectWell mobile app, Interactive Voice Response (i.e., entering your symptoms via phone system) or a similar UnitedHealth Group-approved symptom screener prior to entering the work site each day, in order to keep our work sites safe. Employees must comply with any state and local masking orders. In addition, when in a UnitedHealth Group building, employees are expected to wear a mask in areas where physical distancing cannot be attained.
- Ability to leverage best practices from commonly used frameworks to define and mature delivery models (ex: HiTrust, Agile, COBIT, ITIL, etc.)
- Familiarity and/or fluency with devsecops
- BS/BA or equivalent work experience
- Must be well versed in networking, operating systems (e.g. Linux, Windows, etc.), active directory, authorization and authentication, and databases.
- Technical network (e.g. Azure/GCP Architect, CCNP Security) and security certifications desired (e.g. CISA, CISSP, GCIH, CCSK)
- Ability to analyze broader cyber defense environment, apply it to the organization's attack surface, and recommend appropriate action
- Proficient in using Agile/Kanban methodology to track and complete work
- Create User Stories with clearly defined acceptance criteria
- Demonstrated ability to assess new technologies or modifications that improve business outcomes against a set of objective requirements