Principal Identity Engineer - Remote or Hybrid in MN or DC

UnitedHealth Group - Eden Prairie, MN
1d - Hybrid

About The Position

Optum is a global organization that delivers care, aided by technology, to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

The Enterprise Information Security (EIS) team is responsible for cybersecurity across our organization. We support our business and members by reducing risk, rapidly responding to threats, focusing on business resiliency and securing new acquisitions.

The Principal Identity Engineer serves as the senior technical authority for identity security within mergers and acquisitions (M&A) environments. This role is responsible for identifying, prioritizing, and remediating identity-related vulnerabilities and misconfigurations across on-prem Active Directory, Microsoft Entra, and other associated identity platforms within acquired entities.

This role operates at the intersection of identity engineering, security remediation, and acquisition execution. The Principal Identity Engineer partners closely with acquisition IT teams, Enterprise Security, IAM platform owners, and integration teams to drive measurable improvements in identity posture while providing subject matter expertise throughout the acquisition lifecycle. Success in this role requires deep hands-on identity expertise, the ability to lead remediation efforts through influence, and the discipline to balance speed, risk reduction, and enterprise standards in environments that are often incomplete or inconsistent.

You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges.
For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Engineering, or equivalent engineering degree
  • 8+ years of experience in identity engineering, directory services, or IAM security roles
  • Hands-on experience with Active Directory (design, security, remediation) and Microsoft Entra or equivalent IDP (identity, access, and protection features)
  • Proven experience remediating identity risks in complex, inherited, or nonstandard environments
  • Demonstrated solid understanding of identity attack paths, privilege escalation, and common directory misconfigurations
  • Demonstrated ability to operate effectively in ambiguous, time-constrained environments
  • Ability to travel up to 20% (US only) based on acquisition needs
  • Ability to work occasional nonstandard working hours aligned to remediation activities and integration timelines

Nice To Haves

  • Experience supporting M&A or large-scale environment integrations
  • Healthcare or other highly regulated industry experience
  • Demonstrated familiarity with identity-related security frameworks and guidance (e.g., NIST, Zero Trust principles)
  • Experience partnering with audit, risk, or assurance teams on identity findings
  • Ability to mentor and uplevel engineers on identity security fundamentals
  • Pragmatic and outcome-focused, with solid technical judgment
  • Comfortable leading remediation efforts through influence rather than authority
  • Clear, direct communicator who avoids unnecessary complexity
  • Solid sense of ownership for identity risk reduction outcomes
  • Able to balance speed with sustainability in high-pressure integration scenarios

Responsibilities

  • Serve as the primary identity security SME for acquisition environments, accountable for identity risk reduction and remediation outcomes
  • Lead identification and remediation of identity vulnerabilities and misconfigurations across:
      • On-prem Active Directory
      • Microsoft Entra or equivalent IDP (ID, Conditional Access, Identity Protection)
      • Hybrid identity configurations
  • Partner with acquisition teams to remediate identity gaps without disrupting clinical, business, or operational continuity
  • Provide clear, actionable identity guidance aligned to enterprise standards while accounting for acquisition constraints
  • Act as a trusted advisor to security and integration leadership on identity risk, remediation sequencing, and residual risk decisions, and help the business understand the potential impact of any proposed changes
  • Perform detailed identity security assessments within acquisition environments, including:
      • Active Directory hygiene and trust configurations
      • Privileged access models
      • Authentication and authorization controls
      • Conditional Access and MFA posture
  • Identify, prioritize, and drive remediation of:
      • Critical and high-risk identity vulnerabilities
      • Insecure defaults and legacy configurations
      • Excessive privilege and weak administrative controls
  • Define pragmatic remediation plans that balance:
      • Risk severity
      • Business impact
      • Acquisition timelines and constraints
  • Enable core UHG teams to gain visibility into acquisition identity infrastructure & configuration
  • Execute or guide hands-on remediation activities in partnership with acquisition IT teams
  • Develop and apply repeatable remediation patterns for common acquisition identity issues
  • Support secure configuration of Microsoft Entra features where appropriate to reduce risk quickly
  • Validate remediation effectiveness and support evidence collection for audit and assurance needs
  • Provide SME-level identity expertise to:
      • Acquisition security leads
      • Integration teams
      • Enterprise IAM and platform owners
  • Translate complex identity risks into clear, business-relevant language for stakeholders
  • Advise on interim, compensating, and long-term identity controls where full remediation is not immediately feasible
  • Partner with:
      • Enterprise IAM and Directory Services teams
      • Endpoint and infrastructure security teams
      • Incident response and threat teams as needed
  • Ensure identity remediation activities align with enterprise standards and long-term platform direction
  • Escalate systemic identity risks and patterns observed across multiple acquisitions

Benefits

  • In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase, and 401k contribution (all benefits are subject to eligibility requirements).
  • No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives.

What This Job Offers

Job Type: Full-time

Career Level: Mid Level

Number of Employees: 5,001-10,000 employees
