• Act as the primary technical point of contact for the client, driving discussions, defining strategies, and recommending M365 and Security solutions. • Design, implement, and manage complex hybrid Exchange environments (On-Premises + Exchange Online), handling coexistence techniques and appliance requirements during migrations. • Lead SharePoint 2019/SE and SharePoint Online initiatives, with a deep focus on information architecture, taxonomy, content types, and modern search configurations. • Manage hybrid identity environments using Entra ID and Active Directory, alongside endpoint management via Microsoft Intune and Microsoft Teams deployment. • Design and enforce security policies using the Microsoft Defender Suite (Defender for Endpoint, Identity, and Office 365), Microsoft Purview, and advanced Conditional Access policies.

• Support the company in structuring and evolving identity and access management in the cloud, establishing standards and best practices • Design, implement and maintain cloud access profiles applying the principle of least privilege for infrastructure, development, data, security teams and others • Define and manage IAM Roles and Policies specific to each function, ensuring segregation of duties • Define, deploy and support IAM Roles and STS services for both human and non-human access • Support audits and compliance requirements

• Assist with Security and IT related Technical Service Desk tickets • First touch point for user support (investigation/resolution, referral to TSD/Senior team member, etc) • Assist with access control changes, onboarding automation SCIM, and user provisioning / deprovisioning. • Strong hands-on expertise with configuring and administering/ maintaining Atlassian cloud products (JIRA, Service Management, Confluence, etc). • Security and IT administrative tasks related to auditing, access management, and licensing users across various departments. • Responds to, and where appropriate, resolves or escalates security incidents and investigations. • Assist Security and IT and other divisions with ensuring the secure and ethical implementation and operation of AI systems and data within the organization. • Investigates, monitors and reviews SOC and SIEM alerts and network traffic for unusual or suspicious activity or security events, and investigates these as a first level responder. • Provides escalations to tier 2 and tier3 SOC team as needed to assist with investigation of security events. • Assist with developing and maintaining documentation for security systems, services and procedures to support Bitwarden’s security, compliance needs and certification requirements such as ISO 27001, SOC2, HIPAA, and GDPR. • Administer and maintain endpoint protection and overall security and data protection utilizing various technologies such as Endpoint Detection and Response (EDR), Mobile Device Management (MDM), Secure Access Service Edge (SASE), Data Loss Prevention (DLP), DarkOps and Brand protection service, and other security solutions. • Establish and document standardized processes for managing security and IT services and establish secure/hardened system configuration baselines. • Assist with patching and updating and overall vulnerability management to keep all systems and endpoint devices secure and operational with minimal downtime.

Requisition Number: 2353672 Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. We are seeking a Mid-Level Security Operations Engineer (PAM & Certificate Management) to support and operate Privileged Access Management (PAM), Vendor PAM (VPAM), and Certificate Lifecycle / PKI services across enterprise environments. This is a hands-on, operational role focused on securing privileged identities, managing digital certificates, and enforcing strong access controls, cryptographic hygiene, and regulatory compliance. Primary Responsibilities: - Privileged Access Management (PAM / VPAM) - Onboard, manage, and govern privileged accounts within PAM vaults - Administer and enforce password management and access control policies - Monitor, audit, and record privileged sessions - Deploy, configure, and harden PAM platform components - Manage PAM connectors, plugins, and integrations - Implement authentication integrations (LDAP, SAML, RADIUS) - Administer Active Directory security groups for access segregation - Certificate Lifecycle Management & PKI Operations - Manage certificate issuance, renewal, replacement, revocation, and expiration - Proactively monitor certificate health to prevent outages - Troubleshoot certificate trust and validation issues - Support enterprise PKI and Certificate Authority services - Deploy certificates across servers, applications, and network devices - Automation & Operations - Support automation for privileged access and certificate management - Perform basic scripting (PowerShell / Python) - Support incident response for access, certificate, or encryption issues - Compliance & Governance - Enforce least-privilege and Zero Trust principles - Support audits with logs, reports, and evidence - Ensure compliance with enterprise security standards - Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: - Bachelor's degree or equivalent experience - 5+ years of infrastructure or security operations experience - 3+ years hands-on PAM and/or PKI experience - Active Directory administration experience - Solid understanding of privileged access, PKI, TLS/SSL, and X.509 Preferred Qualifications: - Cloud certificate services experience - Relevant security or infrastructure certifications - Experience with Delinea, CyberArk, BeyondTrust, or One Identity - Proven exposure to Vendor PAM (VPAM) At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission. Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.