The Work We are seeking a Senior Cybersecurity Engineer with deep experience supporting the Risk Management Framework (RMF) and Authorization to Operate (ATO) lifecycle for federal information systems. This role focuses on STIG compliance, vulnerability management, POA&M tracking, and incident response for high‑impact systems operating in classified environments. Key Responsibilities - Provide end-to-end RMF and ATO support, including development, maintenance, and submission of security authorization packages. - Manage and maintain eMASS artifacts, ensuring accuracy, completeness, and audit readiness. - Conduct and oversee STIG compliance activities across operating systems, databases, and platforms; document findings and remediation actions. - Identify, track, and manage Plans of Action and Milestones (POA&Ms), coordinating with technical teams to drive remediation to closure. - Perform and review vulnerability assessments using tools such as Nessus and STIG scanning utilities; analyze results and recommend mitigation strategies. - Support incident response activities, including investigation, reporting, and coordination with security leadership and stakeholders. - Develop and update RMF documentation such as SSPs, SARs, RARs, and continuous monitoring artifacts. - Collaborate with ISSOs, ISSEs, system owners, developers, and program leadership to ensure ongoing compliance with federal and DoD cybersecurity requirements. - Support continuous monitoring activities and ATO renewals in accordance with NIST, DoD, and agency-specific guidance. Required Qualifications - 10+ years of experience supporting RMF / ATO processes for federal information systems. - Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or a related field. - Active Top Secret / SCI clearance. Preferred Qualifications - Preference to candidates who has experience supporting DCSA or a federal agency. - Relevant cybersecurity certifications (e.g., CISSP, CISM, CAP, CEH, or Security+). - Hands-on experience with eMASS, including package creation and ongoing maintenance. - Strong working knowledge of STIG compliance, vulnerability scanning, and remediation processes. - Experience managing and reporting POA&Ms through resolution. - Familiarity with Nessus and other vulnerability assessment and STIG scanning tools. - Experience supporting or participating in incident response efforts within a classified or regulated environment. - Solid understanding of NIST RMF and federal cybersecurity compliance requirements. - Background working in classified cloud or hybrid environments. - Experience with continuous monitoring and ATO sustainment activities. - Familiarity with DISA STIGs, ACAS, or similar DoD-aligned security tools. Working at ICF ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future. We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy. We will consider for employment qualified applicants with arrest and conviction records. Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email Candidateaccommodation@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.  Read more about workplace discrimination rights or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act. Candidate AI Usage Policy At ICF, we are committed to ensuring a fair interview process for all candidates based on their own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) tools to generate or assist with responses during interviews (whether in-person or virtual) is not permitted. This policy is in place to maintain the integrity and authenticity of the interview process.  However, we understand that some candidates may require accommodation that involves the use of AI. If such an accommodation is needed, candidates are instructed to contact us in advance at candidateaccommodation@icf.com. We are dedicated to providing the necessary support to ensure that all candidates have an equal opportunity to succeed.   Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position based on full-time employment is: $118,807.00 - $201,971.00 DC Remote Office (DC99)

• Responsible for acting as a team lead and providing internal expertise in collaboration with various cross-functional project teams. • Conducts security assessments and audits to identify cybersecurity risks within the company's networks, applications and operating systems. • Helps secure and protect the Network Infrastructure: Routers, Switches, Optical Devices, L2 Datacenter and cabling, Strand Mounted devices, Secure Routing protocols, DOCSIS plant (CMTS/vCMTS/PON), SDN, best practice device configuration, network automation, monitoring and troubleshooting.

Requisition Number: 2353705 Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. As a Consultant in Manual Access Provisioning, you will be responsible for overseeing and executing manual processes related to user access management within our organization. You will work closely with various stakeholders to ensure that user access is granted, modified, or revoked in accordance with established policies and procedures. Primary Responsibilities: - Work with Optum Connect/OITPS Leaders to understand and define the Manual Access Provisioning objectives, commitments, roadmaps specific to each client as well as under managed services (shared teams) - Review and process access requests from users and departments. Validate the accuracy and completeness of request information - Ensure compliance with access control policies and procedures. Coordinate with relevant stakeholders to obtain necessary approvals - Manage access rights and privileges, including role-based access control (RBAC) and attribute-based access control (ABAC) - Execute manual provisioning tasks using established tools and procedures. Create, modify, or revoke user accounts in various systems. Assign appropriate roles, permissions, and entitlements. Document all provisioning activities - Conduct regular access reviews to identify and remove unused or unnecessary access rights - Certify that user access is aligned with current job roles and responsibilities. Implement corrective actions as needed to address access anomalies - Ensure compliance with internal access control policies and external regulations. Identify and address potential security risks related to access provisioning. Provide guidance and training to users and departments on access management best practices - Collaborate with IT teams, business units, and security departments to understand their access requirements - Build and maintain positive relationships with stakeholders. Provide timely and accurate information on access provisioning activities - Mentor a team of analysts, providing guidance, support. Assign tasks, monitor progress, and ensure deadlines are met. Foster a collaborative and productive work environment - Conduct in-depth data analysis to uncover insights and support decision-making. Utilize advanced analytical techniques and tools to extract meaningful information from large datasets PAM - Manage end-to-end Privileged Access Management (PAM) operations, including onboarding and administration of privileged accounts, enforcement of password policies, session recording, monitoring, logging, and auditing activities across PAM platforms (Delinea, CyberArk, One Identity, BeyondTrust) - Design, deploy, and harden PAM infrastructure, performing installation, configuration, and security hardening of all PAM components (Vault, Secret Server, Password Manager, Session Manager, PTA, HA, Backup) in line with security best practices and client requirements - Implement authentication and directory integrations, including LDAP, SAML, RADIUS, and Active Directory, ensuring proper account onboarding, access segregation through security groups, and enforcement of privileged access controls - Administer connectors, plugins, and security policies, troubleshooting PAM integrations, managing custom plugins, enforcing AppLocker rules, and ensuring secure and continuous connectivity to target systems - Collaborate with cross-functional security and IT teams, providing expertise and recommendations to strengthen privileged access security, while ensuring compliance with organizational policies, procedures, and employment terms - Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: - Bachelor's degree in computer science, Information Technology, or equivalent - 8+ years of experience in identity and access management, with a focus on manual provisioning - Experience with various identity and access management tools and systems - Solid understanding of Identity Access Management concepts - Proficiency in data analysis tools and techniques (e.g., SQL, Python, R, Excel) - Proven excellent organizational and time management skills - Proven excellent problem-solving and analytical skills - Proven solid communication and interpersonal skills Preferred Qualifications: - Certifications in identity and access management or security - Experience with automated provisioning tools and workflows - Knowledge of industry standards and regulations related to access management (e.g., GDPR, HIPAA) At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.

• Design, build, and maintain detection-as-code capabilities across cloud infrastructure, SaaS applications, endpoints, and identity systems, improving coverage and signal quality through Data-Driven Decision Making • Build automated investigation and response workflows that replace manual runbooks, leveraging AI First principles to scale triage, enrichment, containment, and remediation • Develop and deploy AI/LLM-powered tooling to accelerate investigations, reduce alert fatigue, and extend team capacity beyond traditional headcount constraints, embedding AI First practices into daily workflows • Lead and participate in incident response, including detection, investigation, containment, and retrospectives, applying First Principles Problem Solving to identify root causes and improve long-term resilience • Partner cross-functionally with engineering and platform teams to expand logging, improve observability, and embed detection capabilities into the development lifecycle • Continuously improve detection quality by analyzing alert performance, tuning for signal, and building feedback loops between incidents and detections using Data-Driven Decision Making • Proactively identify gaps in visibility or coverage and translate ambiguous problem spaces into concrete detection and response solutions through First Principles Problem Solving • Adapt quickly to evolving threats, tools, and priorities, helping the team maintain momentum and effectiveness through Change Agility