Role Description The Security Program Manager – Mergers & Acquisitions (ESRO) role operates with a high degree of autonomy, leads program level strategy and outcomes, and provides executive level visibility into progress, risks, and impact. As a Security Program Manager, you are accountable for the end-to-end delivery of a complex security program composed of multiple projects, workstreams, and stakeholders. The role emphasizes strategy, governance, measurable outcomes, and executive transparency, rather than day-to-day task execution. You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. Primary Responsibilities - Program Leadership & Strategy: - Lead and implement the security program strategy supporting mergers and acquisitions, aligned to enterprise security standards and risk priorities. - Define and maintain roadmaps for multiple concurrent workstreams, milestones, and delivery sequencing across acquired entities. - Translate enterprise security direction into actionable, measurable program outcomes. - Governance & Accountability: - Establish and operate program governance, including decision forums, escalation paths, and risk management. - Own cross workstream dependencies, tradeoffs, and prioritization decisions. - Ensure consistent execution and adoption of security standards across diverse stakeholders. - Executive Communication & Transparency: - Provide executive ready communications on program status, risks, dependencies, and outcomes. - Develop and maintain KPIs and success metrics that demonstrate progress and risk reduction. - Serve as a trusted partner to senior security, technology, and business leaders. - Cross Functional Partnership: - Partner with security, technology, and business teams to drive alignment and execution. - Guide and influence delivery teams without direct authority, ensuring accountability through governance and transparency. - Support integration efforts by aligning acquired entities to enterprise security expectations. Qualifications - Bachelor’s Degree in IT or Business or related field. - 7+ years of program management experience in an enterprise setting. - 5+ years of overall experience in cybersecurity, information security, or IT risk management. - 5+ years experience in security program management or leading security initiatives. - 5+ years experience managing cross functional teams. Preferred Qualifications - Masters Degree. - PMP Certification. Requirements - All employees working remotely will be required to adhere to UnitedHealth Group’s Telecommuter Policy. Benefits - Comprehensive benefits package. - Incentive and recognition programs. - Equity stock purchase. - 401k contribution (all benefits are subject to eligibility requirements). Application Deadline This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

Elite Red Team Position This is not a mid-level role. This is not for lab-only testers. This is not compliance penetration testing. We are looking for operators who have personally executed real exploitation during professional engagements, not just vulnerability identification. Core Responsibilities Lead and execute advanced Red Team operations against enterprise environments. Simulate real-world attackers by performing: • Initial access exploitation• Privilege escalation• Credential harvesting• Active Directory attacks• Lateral movement across systems• Persistence techniques Achieve validated SYSTEM (Windows) or root (Linux) compromise during authorized Red Team exercises. Demonstrate realistic business impact through controlled exploitation scenarios. Document attack paths and produce clear technical reports describing: • exploitation methodology• attack chain progression• affected systems• business risk and remediation recommendations Mandatory Technical Requirements Candidates must demonstrate proven offensive security capability, including: • At least 10 real OS-level shell or RCE compromises personally executed during authorized engagements. • Experience executing multi-stage attack chains, including: Initial accessPrivilege escalationCredential harvestingLateral movement • Strong post-exploitation capability beyond initial shell access. • Practical experience exploiting enterprise Active Directory environments. Active Directory Attack Experience Candidates must demonstrate familiarity with common enterprise AD attack paths, including: KerberoastingAS-REP RoastingACL abuseNTLM relay attacksDCSync attacks Understanding of privilege escalation paths within Active Directory is expected. Post-Exploitation Capability Strong experience performing post-exploitation activities such as: • system enumeration• credential extraction• privilege escalation• lateral movement• persistence mechanisms Operators must be capable of continuing exploitation after initial access is obtained. Important Clarification The required exploitation experience must come from authorized professional environments, including: • enterprise penetration testing engagements• Red Team adversary simulation exercises• internal enterprise testing infrastructure The following do NOT count toward the required exploitation experience: HackTheBoxTryHackMeCTF challengesbasic lab environments Candidates must demonstrate real exploitation depth, not platform achievements. Technical Validation Process All candidates undergo a structured technical validation process before interviews. Initial evaluation includes: • written technical discussion• exploit chain explanations• scenario-based technical responses Voice or video interviews are conducted only after the technical validation stage is successfully completed. Required Experience Minimum 5+ years of hands-on offensive security experience, including professional work in: • Red Team operations• enterprise penetration testing• adversary simulation engagements Strong understanding of: • Active Directory attack paths• Kerberos abuse techniques• privilege escalation methods• credential harvesting techniques• lateral movement strategies Communication Requirements Strong written and spoken English communication skills. Candidates must be able to clearly explain: • the vulnerability exploited• how exploitation was performed• the resulting system compromise• the potential business impact Application Requirements Serious applicants only. Applications should include: • descriptions of real exploitation scenarios• technical write-ups (if available)• GitHub or research links (optional) Candidates unable to demonstrate real exploitation depth will not proceed. How to Apply Apply through our careers page: https://sentrabytedigitalsolusi.com/careers or send your application to: hr@sentrabytedigitalsolusi.com Before applying, please ensure you can clearly describe: 1. At least one exploitation scenario where you achieved OS-level shell access. 2. The exact access vector used. 3. The privilege level obtained. 4. Post-exploitation actions performed. Applications without technical detail will not be reviewed.

Role Description The Security Engineer I – IT Auditor will report to the Audits and Assessments Security Engineering Manager in the Technology Department. This role is responsible for assessing the design and testing operating effectiveness of general computer controls and application controls and will also be responsible for conducting third-party (vendor) risk assessments for vendors and other external partners. Work collaboratively with control operators. Assess the risk posed by potential findings and present the findings to the 3rd Party Auditors and senior management. The IT Auditor will also need to stay aware of emerging technologies and risks. - Perform third-party (vendor) risk assessments, including reviewing security and compliance documentation, identifying control gaps, tracking remediation items, and communicating results to stakeholders. - Assist in planning audits, executing audit work, and preparing audit reports. - Develop a keen understanding of IT risks and control activities for information systems, technical infrastructure, data centers, computer operations, and key applications. - Perform general and application control reviews for simple to complex computer information systems, like Linux, Windows, and databases such as SQL Server, Oracle, and cloud platforms such as Azure. - Provide recommendations to improve control posture and strengthen IT processes identified through the course of audits and control testing. - Prepare and present written and oral issues/reports and other technical information in a pertinent, concise, and accurate manner for distribution to management. - Keep abreast with new technologies and IT control frameworks such as NIST Cyber Security Framework, NIST 800-171 publications, and Cloud Security Frameworks. - Other duties as assigned. Qualifications - Minimum required: 1-3 years of applicable experience in internal or external IT auditing, or security compliance and/or relevant experience in information technology. - Bachelor’s Degree in Information Technology, Cybersecurity or related field with focus on information systems preferred. - Technical Certifications a plus. - Experience with a leading internal/external IT audit professional firm. - Knowledge of the Financial Services Industry preferred. Requirements - Possess a combination of technology, security, and analytics skills. - Intellectual curiosity to find new and unusual ways of how to solve cyber security issues. - Ability to approach cyber security challenges while keeping an eye on what is important. - Experience interpreting, analyzing, and maintaining systems. - Ability to create and maintain respectful, strong working relationships with both IT and business units to integrate security principles with business operations. - Strong client service orientation. - Ability to prioritize, plan and take initiative and be highly self-motivated. - Strong verbal and written communication skills; positive attitude; ability to work as a team member. - Experience in a high availability environment preferred.

• Be the Identity Security Guru • Architect and Define Solutions • Own the Technical Delivery • Strategic Client Engagement • Proactive Problem Solving • Drive Expansion & Adoption • Technical Enablement • Internal Collaboration • Operational Excellence