About UHG

Careers at UnitedHealth Group


We have modest goals: Improve the lives of others. Change the landscape of health care forever. Leave the world a better place than we found it. Such aspirations tend to attract a certain type of person. Crazy talented. Compassionate. Driven. To these individuals, we offer the global reach, resources and can-do culture of a Fortune 5 company. We provide an environment where you’re empowered to be your best. We encourage you to take risks and in return, offer a world of rewards and benefits for performance. Exceeding your limits is an exceptional start to your life's best work.SM


Just like you, we are driven by a set of fundamental principles that are guiding our way forward. Our values of integrity, compassion, relationships, innovation, and performance serve as a foundation to transform health care. Are you in? Learn more about your future at UnitedHealth Group at careers.unitedhealthgroup.com


Job Category:

Information Technology



Approximate Salary:

Not Specified

Position Type:

Full Time

IT Principal Cybersecurity Analyst (Security Operations Center) - Chaska, MN or Raleigh, NC

UHG - Raleigh, North Carolina

Posted: 12/10/2018

Ready to raise your game by a quantum leap? At Optum, part of the UnitedHealth Group family of businesses, we're focused on doing things that have not been done yet; helping improve lives in ways that were unthinkable until we thought of them. We've spent decades investing in the technology and information capabilities that help us bring new ideas to market faster. We've developed solutions that are practical today and scalable for tomorrow. And we've created collaborative teams dedicated to innovation across each of our businesses.

This Lead Security Operations Center (SOC) Analyst will be sought out as a technical expert. The successful candidate will lead a global team of analysts in a 24x7 environment as a knowledgeable, hands-on technical specialist, coordinating the complex and detailed technical work needed for comprehensive SIEM monitoring, threat detection, and incident response across the organization. Mentoring and training fellow team members is expected as a means of sharing information and raising the skill level of the team as a whole. Continual enhancement and development of organizational processes and standards are also key components of this role. This person will report to the Security Operations Center Director as part of our Cyber Defense team.

The Cyber Defense (CD) team has identified an opportunity to significantly enhance the effectiveness of our current cyber defense posture. The value proposition centers on developing a holistic cyber defense model that aligns and integrates key technical resources, security functions, and related processes. We are creating a state-of-the-art, centralized cyber defense operating model that manages security threats across the enterprise effectively and consistently.

Responsibilities of this specific role will include the following:

  • Lead a team of analysts charged with threat monitoring, content development, and incident response support; serve as an escalation resource and mentor for other SOC analysts

  • Monitor and analyze attempts to compromise security controls; identify and investigate suspicious activity and report the results of that analysis.

  • Escalate issues to other Cyber Defense teams.

  • Review SIEM and SBDL logs to identify and report possible security issues.

  • Perform investigations and escalation for complex or high severity security threats or incidents

  • Work with SIEM Engineering and other security partners to develop and refine correlation rules

  • Work on complex tasks assigned by leadership, which may involve coordination of effort among multiple teams

  • Author and coordinate security status reports to provide system status, report potential and actual security violations and provide procedural recommendations

  • Participate in knowledge sharing with other team members and industry collaboration organizations to advance the security monitoring program

  • Ensure that Service Level Agreements for SIEM monitoring are defined, tracked, and met

  • Develop and support strategic plans and projects to meet Global Security and SOC goals and objectives

  • Drive daily, weekly, and monthly reporting of threat statistics and KPIs

  • Contribute to and maintain Standard Operating Procedures

  • Maintain an in-depth knowledge of common attack vectors, common security exploits, and countermeasures.

  • Maintain a solid working knowledge of Information Security principles and practices.

  • Research current information security and event monitoring trends, and keep up to date with SOC issues, technology, and best practices.

  • Coordinate evidence/data gathering and documentation and review Security Incident reports

  • Assist in defining and driving strategic initiatives

  • Provide recommendations for improvements to Company's Security Policy, Procedures, and Architecture based on operational insights

  • Provide leadership and technical guidance in project planning, task definition, estimating, reporting, scheduling, documentation, and workflow

Required Skills/Experience:

  • 8 or more years of technical experience in Information Security
  • Advanced knowledge and expertise in Security Operations Center management and Incident Response.
  • Ability to conduct multi-step breach and investigative analysis to trace the dynamic activities associated with advanced threats.
  • Practical knowledge of Internet protocols, firewalls, load balancers, routers, switches, and intrusion detection/prevention systems (IDS/IPS).
  • College degree in related field or equivalent work experience.
  • Experience leading teams and mentoring others, with or without HR accountabilities.

Preferred skills/experiences:

  • Advanced SIEM analysis and Incident Response
  • Advanced knowledge of threat landscape, malware, attack techniques, and indicators
  • Moderate knowledge of firewall, proxy, or DLP technology
  • Moderate experience with scripting (PowerShell, Python, JavaScript, etc.)
  • Moderate knowledge of network or endpoint forensics
  • Security certifications: GIAC (SANS), (ISC)², CompTIA, EC-Council, ISACA, Cisco, Microsoft

Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.SM

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.
