SOC Cybersecurity Analyst

Security Analyst | Full Time | Remote | Mid Level | Team 1,001-5,000

Location

Canada

Posted

6 days ago

Salary

0

Seniority

Mid Level

Job Description

SOC Cybersecurity Analyst

OnePoint

Role Description

The L3 Production Cybersecurity Analyst position will provide security expertise to the 24/7 Security Operations Center (SOC). The main objective of this position is to contribute to the coordination and reporting of cyber incidents affecting the bank's critical assets by detecting, preventing, and responding to cyber threats targeting our group's infrastructure. This role provides essential support to the company-wide cybersecurity program through regional partnerships with our various business lines and, externally, with our customers, partners, and regulators.

As a Cybersecurity Analyst, you are not only responsible for real-time monitoring, analysis, and resolution of identified security incidents, but also for the development and continuous improvement of the capabilities of the 24/7 SOC, the first line of defense for identifying potential information security incidents.

Responsibilities

- Provide analysis and monitoring of security log trends from numerous heterogeneous security devices.
- Be responsible for the development and validation of use cases.
- Provide incident response (IR) support or escalate when analysis confirms an actionable incident.
- Provide threat and vulnerability analysis and security consulting services.
- Develop a threat hunting program and capabilities.
- Analyze and respond to previously undisclosed software and hardware vulnerabilities.
- Investigate, document, and report on information security issues and emerging trends.
- Conduct threat hunting activities to identify potential adversaries present in the network.
- Perform analysis on compromised systems to identify the extent and nature of the compromise and provide remediation recommendations.
- Provide support and/or conduct research for any security-related questions or incidents.
- Perform tasks independently with a certain level of supervision.
- Integrate and share information with other analysts and teams.
- Monitor internal bank sources that may indicate security incidents, health alerts from monitored solutions, and requests for information.
- Follow incident-specific procedures to triage potential incidents, validate and determine necessary mitigation measures, and keep these procedures up to date.
- Escalate potential security incidents to Level IV engineers, implement countermeasures where appropriate, and recommend operational improvements.
- Maintain accurate incident notes in the case management system.
- Maintain in-depth knowledge of the bank's technology architecture, known weaknesses, and recent incidents.
- Continuously improve the service by identifying and correcting gaps, adjusting false positives, and recommending new tools or scripts.
- Serve as a recognized expert in at least one security-related field.
- Actively seek professional development through continuous learning and aim to progress to the Analyst IV level.
- Comply with internal operational security rules and other policies.
- Carry out small ad hoc tasks/projects that may be assigned to you.

Qualifications

- Knowledge or 3-5 years of experience with the following technologies: SIEM, ELK, IDS/IPS, network and host firewalls, data leak prevention (DLP).
- Direct experience with antivirus software, endpoint detection and response (EDR) solutions, firewalls, and content filtering.
- Demonstrable experience or knowledge in incident response, log analysis, and PCAP file analysis.
- Good knowledge of network fundamentals, e.g., OSI model, TCP/IP, DNS, HTTP(S), SMTP.
- Good understanding of threat actors' methods of attack against a network: phishing, port scans, web application attacks, DDoS, lateral movement.
- Knowledge of Windows and/or Linux operating systems and investigation methods to detect signs of compromise.
- Motivation to learn and contribute to the team's ongoing development.
- Recommended certifications: GCFA, GCIH, OSCP, or equivalent.
- Excellent communication skills in English are required as the position involves communicating with stakeholders outside Quebec.
- Only candidates legally authorized to work for any employer in Canada will be considered.

Benefits

- Minimum of 3 weeks of vacation starting from the first year.
- Comprehensive group insurance with a generous employer contribution.
- Employer contribution to a group RRSP.
- Full remote work flexibility: Hybrid, Remote, or On-site.
- A warm, bright, and welcoming office offering fresh fruit, coffee, beverages, occasional meals, etc.
- Annual IT equipment budget.
- A balanced work environment with flexible working hours.
- Career development: training and certifications, online or in-person learning, Wepoint Academy, etc.
- An international community of experts ready to share their knowledge.
- A company culture focused on individuals’ needs and their belonging to a strong community.

Related Job Pages

More Security Analyst Jobs

Full Time | Remote | Team 10,001+ | Since 1860 | H1B No Sponsor

• Perform hands-on Application Security assessments including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and manual code reviews.
• Identify, analyze, and remediate vulnerabilities in web, mobile, and API applications (OWASP Top 10, API Security, etc.).
• Lead and support Software Supply Chain Security initiatives: Dependency vulnerability management, SBOM (Software Bill of Materials) generation and analysis.
• Conduct threat modeling for applications and integration points.
• Review and secure build pipelines, container images, and third-party libraries.
• Work closely with development, DevOps, and infrastructure teams to embed security into the SDLC.
• Monitor and triage security findings from various AppSec tools.
• Support Cloud Security posture reviews (basic knowledge required) – IAM, network security, and cloud misconfigurations.
• Prepare clear security reports, risk assessments, and remediation guidance for stakeholders.
• Stay updated with emerging threats in application security and software supply chain attacks (e.g., SolarWinds, Log4j, dependency confusion).

India

Senior Cyber Security Analyst

Banner Bank

Let's Create Tomorrow, Together.

Full Time | Remote | Team 1,001-5,000 | Since 1890 | H1B No Sponsor

• In this role you’ll lead the design, architecture, and implementation of enterprise security systems across on-prem and Azure environments
• In this role you’ll drive strategic security initiatives and advise leadership on risks, threats, and security posture
• In this role you’ll direct complex investigations and incident response efforts, serving as an escalation point for critical security events
• In this role you’ll architect, deploy, and manage advanced security tools including Azure-native platforms such as Defender for Cloud and Sentinel
• In this role you’ll monitor, detect, and respond to threats across network, endpoint, and cloud environments using automated and manual methods
• In this role you’ll perform risk assessments, security testing, and control validations to ensure safeguards are effective and compliant
• In this role you’ll partner with business and IT teams to implement secure solutions and enforce access controls and policies
• In this role you’ll maintain thorough documentation, reporting, and threat intelligence to support audits, compliance, and continuous improvement

All locations: Idaho | Oregon | Washington
$117.2K - $154.5K / year

Epic Security Analyst

UnitedHealth Group

UnitedHealth Group is a healthcare and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of

Role Description

Optum Insight is improving the flow of health data and information to create a more connected system. We remove friction and drive alignment between care providers and payers, and ultimately consumers. Our deep expertise in the industry and innovative technology empower us to help organizations reduce costs while improving risk management, quality and revenue growth.

The Optum Provider Technology Services team is building an innovative, comprehensive Epic services capability using the collective expertise of our clinical, consulting, delivery, technology and operations teams. For you, that means working on high performance teams to leverage the power of technology and services delivery to improve care. Strong candidates for this role will be able to demonstrate self-motivation, individual leadership and team collaboration. Most importantly, our team will foster a culture of diversity and inclusion and drive innovation for our company and our clients.

Primary Responsibilities:

- Provisions application security levels and user roles
- Coordinates security template and role updates following the security change control process
- Works with application and compliance teams to design system-level access
- Creates and maintains provider records
- Understands the Epic software security structures, including user profiles, roles, and security classes
- Provisions access to third party applications in accordance with system policies and procedures
- Designs and documents the general functional requirements and detailed technical specifications
- Ability to troubleshoot technical issues
- Provides technical consultation including configuration
- Reviews, analyzes, and evaluates systems needs to develop recommendations for customers
- Develops, supports and maintains all required system design and build documents and other system documentation
- Provides support of application incidents reported through the help desk; including 24/7 on call coverage as required
- Adheres to organization standards for system configuration and change control
- Develops strong relationships with end user communities, customers and business partners
- Attends, participates in, and contributes to meetings throughout the facility
- Troubleshoots and/or resolves application issues and escalates more complex issues as appropriate

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Qualifications

- 1+ year of healthcare experience
- 1+ year of customer service experience
- Ability to travel per business need (most likely 1-2 times per year)
- Intermediate proficiency with MS Excel, Visio, PowerPoint and SharePoint

Requirements

- Ability to demonstrate and have a history of team management (informal or formal), cross-team communication and leadership skills
- Active / current Epic certification in Security
- Additional Certification, or proficiency, in either EpicCare Ambulatory or Cadence
- Completed Epic CEE (Continued Epic Education) to maintain certifications, proficiencies, and badges
- Healthcare domain knowledge such as patient flow, scheduling, registration, authorization, or eligibility or other support functions in a healthcare organization
- Reside in greater Nashville, TN or willing to relocate to Nashville

Soft Skills

- Excellent time management, organizational, and prioritization skills and ability to balance multiple priorities.
- Teamwork and Collaboration. Consultative and collaborative style with demonstrated ability with cross-functional teams
- Understanding of concepts of confidentiality and data security
- Demonstrates the ability to build and maintain strong internal relationships as well as motivate and inspire other team members through strong consultative skills
- Demonstrates a strong ability to build partnerships and influence others. Work across team, group and business boundaries to drive commonality and reusability in solution to real-world problems
- Demonstrates strong relationship management skills and ability to handle challenging interpersonal situations

Benefits

- Comprehensive benefits package
- Incentive and recognition programs
- Equity stock purchase
- 401k contribution (all benefits are subject to eligibility requirements)

Application Deadline

This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

United States
$60.2K - $107.4K / year
Full Time | Remote | Team 51-200 | Since 1997 | H1B No Sponsor

• Promote, communicate, and manage the Information Security culture;
• Propose new improvements and controls for policies, standards, and environments (on-premises and cloud);
• Assist in the remediation and control of vulnerabilities;
• Implement and improve Hardening Baselines;
• Configure and administer security tools and platforms (firewalls, WAF, IDS, IPS, SIEM, antivirus);
• Maintain the processes for certification compliance;
• Analyze risks and propose actions for the vulnerabilities found;
• Plan/execute security projects focused on infrastructure and Cloud.

Brazil