Requisition Number: 2350055 Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. Primary Responsibilities: - Lead and conduct highly complex security incident investigations across endpoints (memory and disk), network traffic, and cloud environments, including Azure and Microsoft 365 - Perform advanced incident investigation and in depth log analysis by correlating data from multiple sources such as SIEM, EDR, network security devices, and cloud platforms to accurately identify scope and impact - Act as the final escalation point for critical and high severity security incidents, providing expert guidance and decisive incident handling - Conduct static and dynamic malware analysis, including reverse engineering of exploits, and analyze adversary tactics, techniques, and procedures (TTPs) to understand attacker behavior - Map attacker activities and observed behaviors to industry recognized frameworks such as MITRE ATT&CK, NIST to ensure structured analysis and reporting - Execute effective containment actions during incidents, including isolating compromised systems, blocking malicious traffic, disabling accounts, and applying emergency controls to limit spread and impact - Acquire digital evidence from compromised environments, including disk images, memory dumps, system logs, and network traffic, using forensically sound methodologies - Maintain a strict chain of custody by ensuring all evidence is properly documented, securely stored, and protected from tampering throughout the investigation lifecycle - Analyze forensic artifacts such as file systems, registry entries, event logs, and memory structures to identify indicators of compromise and malicious activity - Perform memory forensics to detect running processes, injected or malicious code, credential theft mechanisms, and other in memory threats that may not be present on disk - Validate that eradication activities are fully completed and ensure affected systems are securely restored to normal operations without residual risk - Prepare comprehensive incident reports detailing timelines, root cause analysis, impact assessment, indicators of compromise (IOCs), and remediation actions taken - Collaborate with Security and Engineering teams to automate repetitive tasks such as alert enrichment, containment workflows, response actions, and ticket creation to improve efficiency and consistency - Leverage internal and external threat intelligence feeds to enrich investigations with contextual insights, including known malicious IPs, domains, threat actor profiles, and attacker methodologies - Work closely with cross functional teams to ensure coordinated and timely execution of incident response activities - Continuously enhance detection and response capabilities by recommending improvements to SIEM and EDR platforms, tuning detection rules, developing better queries, and identifying logging gaps - Handle Priority 1 (P1), Priority 2 (P2) and other critical incidents with urgency, ensuring rapid response, clear stakeholder communication, and minimal business disruption - Monitor and report on key performance indicators (KPIs) such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to measure and improve incident response effectiveness - Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualification: - Major Security Incident Management (Case Management /War Room/Paging/Security Bridge), Log Analysis (SIEM, Endpoint, Perimeter Security, Threat Intel, e-Mail Security), Sandbox Analysis, Digital Forensics, MITRE ATT&CK and D3FEND & NIST, Experience with forensic tools such as Magnet Axiom Forensics, REMnux, X-ways Forensics, EnCase, Forensic Toolkit, etc. Preferred Qualifications: - CHFI, EnCE, ACE, GCFA/GCFE, GIAC Certified Incident Handler (GCIH), Security Operations Analyst Associate (SC-200), Deep understanding of adversary TTPs, cyber kill chain methodologies, and expert-level application of frameworks like MITRE ATT&CK and D3FEND, Strong understanding and knowledge on NIST Framework (NIST 800-61), Handling Major Security Incident Attack Scenerions (such as Ransomware, DDOS, Advanced persistent threat (APT), BEC etc.) - Fundamental understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP, ICMP, etc.), and be comfortable analyzing packet capture (pcap) files in tools such as Wireshark - Knowledge of operating system internals (virtual memory, paging, etc.) and techniques employed by malware to evade detection At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.

• Build, lead, and continuously mature Aledade’s Governance, Risk & Compliance program. • Own and maintain the enterprise risk management framework and risk registry, facilitating reviews and reporting to leadership and the Audit Committee. • Lead Aledade’s compliance certification programs, including SOC 2, HIPAA, SOX/ITGC, HITRUST, and CPRA. • Manage audit preparedness and execution for external assessments, ensuring evidence collection and readiness across business and technology teams. • Oversee the Vanta Trust platform, including continuous control monitoring, automation of evidence gathering, and Trust Center management. • Develop and enforce policies and standards, ensuring clarity, adoption, and alignment with frameworks such as NIST, ISO 27001, HIPAA, and AI RMF.

• Coordinate Security Operations Center (SOC) operations, ensuring continuous monitoring, rapid response and alignment with company security policies; • Assess and optimize incident response processes, implementing automation, playbooks and metrics to increase efficiency and reduce response times; • Conduct detailed incident analyses to identify root causes, impacts and propose corrective and preventive measures; • Administer SIEM, SOAR and other monitoring solutions, ensuring integration and effectiveness in threat detection; • Work with cyber defense, GRC, IAM and infrastructure teams to coordinate actions during incidents and improve overall security posture; • Prepare technical and executive reports on incidents, trends and implemented improvements; • Train SOC analysts and other stakeholders on incident response best practices and tool usage; • Stay up to date on new attack techniques, response frameworks (e.g., NIST, MITRE ATT&CK) and market trends.

Information Security Engineer We are seeking an Information Security Engineer to help drive enterprise-level information security initiatives and embed information security across our operations. In this role, you will design, implement, and maintain robust security infrastructure and controls to protect the organization's computer networks, systems, and data from cyber threats. You will build and manage security tools, conduct vulnerability assessments, and respond to security incidents. You will also advise the business on cyber security matters. This is primarily a remote position, with occasional in-person responsibilities held at our Bristol, UK office. The ideal candidate is an experienced security specialist who: - Blends technical skills with business awareness - Comfortable working across multiple areas of security and excited to learn more - Has some familiarity with compliance (PCI, GDPR) and protection (NIST and ISO 27001) frameworks - Partners cross-functionally to drive security, automation, and continuous improvement - Communicates effectively across technical and non-technical stakeholders - Evangelizes a proactive security culture organization-wide Key responsibilities: System Design & Implementation: - Design and deploy secure, scalable and reliable security tools Monitoring & Threat Detection: - Monitor systems for security incidents - Analyze and troubleshoot alerts - Tune alerting systems Incident Response: - Respond to security incidents - Conduct investigations and coordinate cross-functional response - Identify vulnerabilities and/or gaps in security posture - Coordinate and track remediation of any issues identified Vulnerability Management: - Perform regular vulnerability assessments - Identify and remediate weaknesses - Implement and maintain controls aligned with internal standards Penetration Testing: - Coordinate the company’s penetration tests with internal and external stakeholders - Identify, surface, and track issues with the relevant system owners Automation & Scripting: - Develop scripts to automate security tasks and improve efficiency - Identify processes where automation can be leveraged to create efficiencies Security Awareness & Training: - Educate internal teams on security responsibilities, procedures, and controls - Help select appropriate security training modules - Track completion of training requirements Cross-Functional Collaboration & Enablement: - Contribute to creation and updates of security policies and procedures - Engage with stakeholders across Engineering, Product, Legal, and HR to support security initiatives - Support vendor risk and third-party security assessment activities As well as being a part of something exciting everyday, you will also receive the following benefits: - Annual bonus scheme dependent on individual and company performance - Annual salary of £50,000 - £60,000 - 25 days holiday each year (+ bank holidays + 1 day after each year of service with up to a max. of 30 days) - Workplace pension scheme - Private medical insurance (upon 30 days of employment) - 7 hours per day, 35 hours per week - A remote first culture - Great work-life balance with our Flexi-time policy - Family Friendly policies (Enhanced Maternity and Paternity Pay and Shared Parental Leave). - A chance to develop with an allocated company training budget - Bike2Work Scheme - Lifeworks, an Employee Assistance Programme which offers wellbeing, family and financial support services, such as assessments, resources and even 1:1 counselling sessions. It also offers interesting perks such as discounts on gyms, restaurants, high street retailers and cinema tickets - A strong commitment to employee wellbeing including mental health first aiders - Employee referral scheme with generous financial reward - Bonusly colleague reward scheme #LI-Remote Salary range, depending on experience: £50,000—£60,000 GBP