Sr Information Security Engineer - Remote or Hybrid in MN or DC

About The Position

Requirements

• Bachelor’s degree or 5+ years of Technology experience
• 3+ years of experience building relationships across multiple technical teams, stakeholders, and leadership
• 2+ years of hands-on experience in technology and security audit
• 2+ years of working experience with one or more compliance frameworks including NIST (800-53, 800-171), FedRAMP, MARS-e, and HITRUST
• 1+ years of experience with an industry recognized vulnerability management tool, resolving of findings and tracking of remediation plans
• 1+ years of experience interacting with an executive audience

Nice To Haves

• Holds an audit, networking or security certification (CISA, GIAC, ISC2)
• Project Management / Project coordination experience
• Experience with application and system security implementation and remediation
• Broad knowledge of Optum Technology and UHG/Optum/UHC businesses
• Proven excellent interpersonal, oral and written communication skills, including ability to deliver a clear overview of strategy, opportunity and risks
• Proven analytical skills related to application and customer inquiries
• Proven influence and motivate teams that are required to interact with auditors

Responsibilities

• Perform risk and control analysis to identify security risks and remediation plans
• Drive vulnerability remediation with application and technical owners to meet agreed timelines
• Prioritize vulnerabilities by risk, exploitability, and known exploited threats
• Track remediation progress and maintain accurate vulnerability and risk metrics
• Provide guidance on compensating controls and secure remediation approaches
• Maintain and update security risk records and remediation plans
• Develop and execute incident response and disaster recovery tabletop exercises
• Create, maintain, and operationalize incident response plans and procedures
• Support real-time security incident investigations, containment, and recovery
• Evaluate and implement security controls across on‑prem and cloud environments
• Serve as escalation point for complex identity, network, and security issues
• Demonstrate understanding of discovery technologies to identify system vulnerabilities (eg, scanning tools)
• Document risks associated with approved exceptions, define mitigation controls and establish long-term remediation strategies
• Create reports around findings, outstanding risk and advise on next steps of the remediation process
• Define/implement security data management/reporting requirements
• Demonstrate knowledge of applicable IT industry security standards (eg, PCI-DSS, SSAE16, NIST800-53)
• Maintain current knowledge on information security topics and their applicability program requirements

Benefits

• In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements).
• No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives.