Job Closed

This listing is no longer active.

First American

First American is on a mission to deliver a variety of real estate-focused services and solutions. As an employer, First American has been recognized for its ex

Senior Data Security Engineer

Location

California

Posted

43 days ago

Salary

$129.3K - $172.3K / year

Seniority

Senior

Bachelor Degree | 3 yrs exp | English | Cyber Security

Job Description


  • Support and enhance First American’s existing data security processes, standards, and tools across the enterprise
  • Work with the Data Security team to reduce risk for the organization by securing data, classifying and labeling sensitive data, and applying encryption or other security controls
  • Drive initiatives like expanding the use of Microsoft 365 Information Protection (MIP) and Purview Data Loss Prevention (DLP)
  • Own and mature the data classification, sensitivity labeling, and data loss prevention (DLP) strategy
  • Support regulatory, audit, and risk management requirements
  • Drive continuous improvement of data security controls
  • Monitor, triage, and investigate alerts and cases; collaborate with HR, Legal, and Security Operations
  • Solve problems, research alternatives, prepare presentations, and drive solutions pertaining to data security
  • Analyze data and report trends & metrics to business partners
  • Assist with the creation, maintenance, and updates of data security process documents
  • Partner with business units and data stewards to support data security initiatives across the enterprise
  • Be a subject matter expert for questions from end users and business stakeholders on topics such as data security policies, standards, and business processes
  • Participate in evaluation and selection of new technology

Job Requirements

  • Minimum 3 years of relevant work experience in Information Security, IT Risk Management M365 EMS E5 stack of online services
  • Extensive experience working with Microsoft technologies and infrastructure, with an emphasis on Active Directory/AAD
  • Working knowledge of IT and Information Security control standards and frameworks (CIS, NIST, ISO27001, etc.) and financial services regulatory requirements (CCPA, PCI-DSS, etc.)
  • Familiarity with RegEx formulas, Sensitive Information Types (SITs), NPI/PI
  • Team player with positive energy and good customer service skills
  • Ability to work independently, demonstrates initiative, and is a self-starter
  • Understanding of modern cyber security methodologies and protocols
  • Excellent verbal and written communication skills
  • Experience in documenting processes, technical writing, and flow charts
  • Manage multiple initiatives simultaneously, with strong ability to prioritize
  • Customer focused in the context of balancing risk reduction with business needs
  • High attention to detail to manage, analyze and finalize artifacts and documents
  • Highly flexible, adapting to changes in priorities and requirements
  • Ability to quickly learn, communicate and apply technical concepts
  • Demonstrated judgement in effectively dealing with highly sensitive information

Benefits

  • Medical
  • Dental
  • Vision
  • 401k
  • PTO/paid sick leave
  • Employee stock purchase plan

More Security Engineer Jobs


InfoSec Engineer Consultant - Security Incident Response

Optum

Optum, part of the UnitedHealth Group family of businesses, is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. At Optum, we support your well-being with an understanding team, extensive benefits and rewarding opportunities. By joining us, you’ll have the resources to drive system transformation while we help you take care of your future. We recognize the power of connection to drive change, improve efficiency and make a difference in health care. Join a team where your skills and ideas can make an impact and where collaboration is key to creating technology that produces healthier outcomes.

Full Time | Remote | Team 160,000 | Since 2011

Requisition Number: 2359474

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

Primary Responsibilities:

  • Lead and conduct highly complex security incident investigations across endpoints (memory and disk), network traffic, and cloud environments, including Azure and Microsoft 365
  • Perform advanced incident investigation and in-depth log analysis by correlating data from multiple sources such as SIEM, EDR, network security devices, and cloud platforms to accurately identify scope and impact
  • Act as the final escalation point for critical and high severity security incidents, providing expert guidance and decisive incident handling
  • Conduct static and dynamic malware analysis, including reverse engineering of exploits, and analyze adversary tactics, techniques, and procedures (TTPs) to understand attacker behavior
  • Map attacker activities and observed behaviors to industry-recognized frameworks such as MITRE ATT&CK, NIST to ensure structured analysis and reporting
  • Perform digital forensic analysis across endpoints (Windows, Linux, and macOS), memory, and network data using established forensic methodologies and tools to support security incident investigations
  • Execute effective containment actions during incidents, including isolating compromised systems, blocking malicious traffic, disabling accounts, and applying emergency controls to limit spread and impact
  • Validate that eradication activities are fully completed and ensure affected systems are securely restored to normal operations without residual risk
  • Prepare comprehensive incident reports detailing timelines, root cause analysis, impact assessment, indicators of compromise (IOCs), and remediation actions taken
  • Collaborate with Security and Engineering teams to automate repetitive tasks such as alert enrichment, containment workflows, response actions, and ticket creation to improve efficiency and consistency
  • Leverage internal and external threat intelligence feeds to enrich investigations with contextual insights, including known malicious IPs, domains, threat actor profiles, and attacker methodologies
  • Work closely with cross-functional teams to ensure coordinated and timely execution of incident response activities
  • Continuously enhance detection and response capabilities by recommending improvements to SIEM and EDR platforms, tuning detection rules, developing better queries, and identifying logging gaps
  • Handle Priority 1 (P1), Priority 2 (P2) and other critical incidents with urgency, ensuring rapid response, clear stakeholder communication, and minimal business disruption
  • Monitor and report on key performance indicators (KPIs) such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to measure and improve incident response effectiveness
  • Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

  • Undergraduate degree or equivalent experience
  • 5+ years of hands-on experience in Major Security Incident Management, including:
      • Case management
      • War room facilitation
      • Paging / on-call coordination
      • Security bridge management
  • Solid log analysis experience across multiple security domains, including:
      • SIEM platforms
      • Endpoint security
      • Perimeter/network security
      • Threat intelligence feeds
      • Email security solutions
  • Experience in Sandbox Analysis for malware and suspicious file investigation
  • Hands-on Digital Forensics experience, including evidence collection, analysis, and reporting
  • Solid understanding and application of security frameworks, including:
      • MITRE ATT&CK
      • MITRE D3FEND
      • NIST (incident response, security controls, or related standards)
  • Practical experience with forensic tools, such as:
      • Magnet AXIOM Forensics
      • REMnux
      • X-Ways Forensics
      • EnCase
      • Forensic Toolkit (FTK)
      • Or equivalent forensic tools

Preferred Qualifications:

  • Relevant security certifications, such as:
      • CHFI (Computer Hacking Forensic Investigator)
      • EnCE (EnCase Certified Examiner)
      • ACE (AccessData Certified Examiner)
      • GCFA / GCFE
      • GIAC Certified Incident Handler (GCIH)
      • Microsoft Security Operations Analyst Associate (SC-200)
  • Experience handling major security incident scenarios, such as:
      • Ransomware attacks
      • Distributed Denial of Service (DDoS)
      • Advanced Persistent Threats (APT)
      • Business Email Compromise (BEC)
  • Advanced understanding of adversary behavior, including:
      • Adversary Tactics, Techniques, and Procedures (TTPs)
      • Cyber Kill Chain methodologies
      • Expert-level application of MITRE ATT&CK and MITRE D3FEND
  • Solid working knowledge of NIST frameworks, particularly:
      • NIST 800-61 (Computer Security Incident Handling Guide)
  • Fundamental understanding of application and networking protocols, including:
      • Application protocols: HTTP, DNS, FTP, etc.
      • Networking protocols: TCP, UDP, ARP, ICMP, etc.
  • Ability to analyze packet capture (PCAP) files using tools such as Wireshark
  • Knowledge of operating system internals, including:
      • Virtual memory and paging mechanisms
      • Malware techniques used to evade detection

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.

Philippines

Cybersecurity Engineer II

AEVEX Aerospace

Empowering People to Make the World a Safer Place.

Full Time | Remote | Team 501-1,000 | H1B No Sponsor

  • Implement and manage identity security controls within Entra ID, including Conditional Access, MFA, and access governance
  • Support enforcement of least privilege, role-based access control (RBAC), and privileged identity management (PIM)
  • Monitor identity-related risks, sign-in activity, and access anomalies, and respond to potential threats
  • Configure and maintain security controls across Microsoft 365 GCC High, Azure Government, and AWS GovCloud
  • Implement and support Microsoft Defender capabilities across identity, endpoint, and cloud workloads
  • Implement and maintain Microsoft Purview capabilities including sensitivity labels, DLP policies, and data classification
  • Monitor, investigate, and respond to security alerts across identity, cloud, and data protection platforms
  • Support audit readiness activities and assist in responding to compliance inquiries

United States
Job Closed

Role Description

SAIC is hiring a Cloud Security Administrator who will play a critical role in ensuring the protection and security of enterprise cloud environments against emerging cybersecurity threats. This role specializes in vulnerability management and solutions design, as outlined in the National Initiative for Cybersecurity Education (NICE) Framework. This position entails investigation and mitigation of vulnerabilities and intrusions, and translating complex results into actionable recommendations. The role requires a deep understanding of cybersecurity challenges, technical problem-solving skills, and the ability to implement robust solutions to meet the organization’s strategic IT and business needs.

The Cloud Security Administrator also collaborates extensively with cross-functional teams to design, assess, and implement secure cloud, network, and enterprise architecture solutions. Work involves both technical execution and consultative guidance to ensure compliance with organizational goals, regulations, and future capacity requirements. Additionally, the candidate must meet or exceed the Favorable T3, IT Level Two investigation standards for security clearance. This role is 100% remote.

Scope & Impact

  • Provide technical expertise to ensure robust cybersecurity of enterprise cloud infrastructure.
  • Contribute to high-priority projects involving sensitive data and critical systems, directly aligning solutions with the organization’s goals and cybersecurity strategies.
  • Research, evaluate, and recommend cutting-edge tools and techniques for cloud security challenges and introduce them to the enterprise.
  • Responsible for solutions with significant impact on organizational risk management, compliance, and resilience to cyber threats.

Duties and Responsibilities

  • Advanced Cyber Threat Analysis & Mitigation
      • Use Vulnerability scanner to identify any threats found within the environments.
      • Employ log analysis, information gathering, and other tactics to investigate potential breaches.
  • Policy Compliance & Governance
      • Ensure cybersecurity solutions and operations align with enterprise IT security policies and comply fully with frameworks such as NIST SP 800-53, FedRAMP, and other regulatory requirements.
      • Perform risk assessments on cloud services and digital tools, delivering detailed recommendations for continuous improvement.
  • Documentation and Reporting
      • Generate technical reports that provide detailed findings on security assessments, incident analyses, and mitigation strategies.
      • Translate technical results into business-oriented reports for senior management, highlighting risks, outcomes, and solutions in understandable terms.
  • Collaboration and Stakeholder Engagement
      • Engage with internal and external stakeholders to address challenging cloud security issues through coordination and technical expertise.
      • Deliver security training and awareness programs to key personnel on cloud vulnerabilities and best practices.

Company Description

SAIC® is a premier Fortune 500® mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services, and professional services. We integrate emerging technology, rapidly and securely, into mission-critical operations that modernize and enable critical national imperatives. We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.

United States

Role Description

The Cloud Security & Compliance Architect is responsible for the security architecture, operational security controls, and compliance posture of the organization’s AWS-hosted SaaS platform. This role combines hands-on operational security with strategic responsibility for ensuring the platform meets industry compliance frameworks and security best practices.

This position plays a critical role in defining and implementing security standards across the hosted platform including:

  • Infrastructure security
  • Access control
  • Encryption practices
  • Backup strategies
  • Regulatory compliance

The role will contribute directly to platform security architecture decisions and ensure the platform maintains compliance with SOC 2 and other industry standards.

  • Design and maintain the security architecture of the AWS-hosted platform
  • Establish and maintain operational security controls across cloud infrastructure and hosted services
  • Lead technical decision-making related to platform security standards and security architecture
  • Implement and monitor AWS security configurations including IAM policies, network security groups, and infrastructure access controls
  • Ensure encryption standards are maintained for data at rest and data in transit
  • Maintain and review backup protocols and disaster recovery procedures
  • Support compliance initiatives including SOC 2 and ISO 27000 series frameworks
  • Assist in preparation for external security audits and compliance assessments
  • Monitor system logs and security alerts to identify potential security incidents or vulnerabilities
  • Manage IP access policies and ensure secure network configurations across environments
  • Collaborate with engineering and platform teams to integrate security best practices into deployments and infrastructure design
  • Evaluate new security tools and technologies to improve the platform’s security posture
  • Support incident response procedures related to security events
  • Ensure platform operations align with applicable data protection regulations including considerations for GDPR where applicable
  • Assist in documentation of platform security policies, standards, and procedures
  • Other related duties as assigned

Qualifications

  • Bachelor’s Degree in Cybersecurity, Information Systems, Computer Science, or related field
  • Experience securing AWS cloud environments and infrastructure
  • Strong understanding of cloud security principles including identity management, network security, and encryption
  • Experience supporting SOC 2 compliance frameworks for hosted SaaS platforms
  • Experience implementing operational security controls in production cloud environments
  • Knowledge of vulnerability management and security monitoring practices
  • Understanding of backup and disaster recovery security requirements
  • Ability to participate in architectural decisions regarding platform security design
  • Experience reviewing and improving cloud security posture across multiple services

Requirements

  • Experience with ISO 27001 / ISO 27002 frameworks
  • Familiarity with GDPR data protection requirements
  • AWS Security certification or similar security credentials
  • Experience with cloud security monitoring tools
  • Familiarity with geospatial platforms or Esri environments
  • Experience securing large-scale SaaS environments

Benefits

  • This is a remote work from home position

United States