Senior Information Security Engineer Consultant

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

The Senior Information Security Engineer provides advanced operational support for cloud security technologies involving Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP) policies, including the Microsoft security stack (e.g., O365). This position operates at a senior technical level within a 24/7/365 production environment, supporting the security, availability, and integrity of enterprise systems and data.

The role is responsible for supporting the ongoing operation of cloud security platforms by partnering closely with platform owners and engineering and architectural leads. The individual contributes subject matter expertise while assisting with day to day administration, policy implementation, monitoring, troubleshooting, and continuous improvement of global web, cloud, and data protection controls. Responsibilities include supporting secure web gateway services, traffic steering and PAC file configurations, application based security policies, and cloud access enforcement mechanisms.

The Senior Information Security Engineer functions as a Subject Matter Expert (SME) for operational readiness and sustainment activities, including onboarding new cloud tenants, supporting proxy and SWG functionality, and enabling zero trust access patterns. The role provides senior level operational support for Zscaler Internet Access (ZIA), Zscaler Private Access (ZPA), and Zscaler Digital Experience (ZDX), assisting platform owners with configuration validation, policy troubleshooting, performance issue analysis, and user experience monitoring.

A primary focus of this role is high volume triage and incident analysis. The individual systematically monitors alerts and events generated by security, network, and observability tools; assesses severity and potential impact; and performs detailed analysis to identify root causes, contributing factors, and remediation paths. The role plays a critical part in incident response, including investigation, documentation, escalation, coordination, and closure of security events. This includes participation in and facilitation of war room engagements, working collaboratively across Platform Support, Cyber Defense, NSIS, and network compute teams to diagnose issues and drive timely resolution and recovery.

The position is also responsible for evaluating the effectiveness of existing security controls and recommending enhancements to reduce risk, improve resilience, and prevent unauthorized access or data loss. The individual supports vulnerability identification and analysis efforts and assists in monitoring enterprise systems, networks, databases, endpoints, and web services for potential security threats or operational degradation. Continuous research into emerging threats, attack techniques, and industry trends is required to inform proactive risk mitigation and operational improvements.

This role supports enterprise security governance by contributing to the development, maintenance, and enforcement of information security policies, standards, and procedures. While not serving as the primary owner of platforms, the Senior Information Security Engineer operates in a leadership and influence capacity, providing expert guidance, mentoring, and technical recommendations to peers, partners, and stakeholders, and helping ensure that users and systems have the appropriate access at the appropriate time in alignment with least privilege and zero trust principles.

This position requires the ability to work hours aligned with team operations, typically starting at 8:00 a.m. CST, and includes participation in on call rotations as well as availability for non standard hours to support incident response and operational continuity as needed.

Primary Responsibilities:

• Determine the severity and complexity of issues pertaining to the security and protection of systems data, (either alone or as part of a team), ensuring the protections, conservation, and accountability of proprietary, personal, or privileged electronic data
• Develops and oversees the development of innovative approaches and solutions to complex problems and issues
• Oversees the monitoring and responses to security incidents, offering expertise to ensure prompt and effective resolution
• Provides analysis of and suggested solutions to complex issues, as well as complex conceptual analysis
• Collaborates with director, managers, project managers, architects, and other technical leads to ensure continuity and communication across teams
• Collaborates with director, managers, and other technical personnel to ensure mitigation of risks to the company

• Mentors and coaches cyber security individuals to provide guidance and expertise, promoting continued integration of technological advances to further enhance security

   

• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• Bachelor’s degree in information security, Computer Science, Information Systems, or a related technical discipline, or equivalent professional experience as determined by job architecture standards
• 9+ years of experience supporting enterprise scale information security operations within high availability, 24/7/365 environments, performing sustained alert triage, incident investigation, and root cause analysis
• Proven experience supporting Secure Web Gateway (SWG) and proxy environments in partnership with engineering or platform ownership teams, including policy enforcement validation, connectivity troubleshooting, and user impact analysis
• Hands on experience supporting PAC file logic, traffic steering mechanisms, and application based security policies, with the ability to diagnose policy conflicts, routing anomalies, and performance degradation
• Practical experience supporting Zscaler cloud security services (i.e. ZIA, ZDX, ZPA), with responsibility for:
  • Operational triage and alert analysis
  • Policy validation and troubleshooting
  • Connectivity and performance issue investigation
  • Incident response support in coordination with platform owners
• Experience supporting Microsoft 365 security services, including investigation of security alerts and access issues in SaaS environments
• Solid working knowledge of networking and web technologies (HTTP/S, DNS, TLS, latency, routing concepts) sufficient to analyze secure web and application access issues during incidents
• Demonstrated capability to perform high complexity incident analysis, including:
  • Correlating telemetry across multiple security and infrastructure tools
  • Determining severity, scope, and business impact
  • Driving coordinated resolution efforts through escalation and engagement of appropriate SMEs
• Demonstrated ability to operate effectively in cross functional incident response models, collaborating with Cyber Defense, Platform Support, Network, Compute, and Cloud Engineering teams
• Demonstrated ability and willingness to participate in on call rotations and support incident response efforts outside of standard business hours as required by operational needs
• Proven clear evidence of senior level judgment and decision making during incident response, including when to escalate, when to engage engineering teams, and how to communicate risk and status to stakeholders
• Proven solid written and verbal communication skills, particularly for incident documentation, operational reporting, and contribution to runbooks or standard operating procedures

Preferred Qualifications:

• Advanced degree in Information Security, Computer Science, Cybersecurity, or a related technical field
• Professional security certifications such as CISSP, CCSP, CISM, or GIAC (e.g., GCIA, GCIH, GCED), or equivalent demonstrated experience supporting enterprise security operations
• Vendor specific experience or certification related to Secure Web Gateway, cloud security, or zero trust access platforms, including Zscaler training or certifications
• Experience providing senior level operational support for large, globally distributed environments, including exposure to high volume incident queues and sustained triage workloads
• Experience supporting proxy, SWG, or cloud access platforms in environments with complex application portfolios and diverse traffic steering requirements
• Experience supporting zero trust network access (ZTNA) concepts and implementations, including private application access models and identity based policy enforcement
• Experience contributing to runbooks, playbooks, standard operating procedures, or post incident reviews, including documentation of findings, lessons learned, and recommended control improvements
• Experience working in regulated or highly controlled environments, supporting audit, compliance, and governance requirements while maintaining operational effectiveness
• Familiarity with operational observability and digital experience monitoring tools, with the ability to interpret performance data and assist platform owners in identifying systemic or user impacting issues
• Knowledge of networking fundamentals (HTTP/S, DNS, TLS, routing, latency analysis) sufficient to diagnose and communicate web and application connectivity issues during incident response
• Demonstrated ability to perform advanced incident correlation and root cause analysis across multiple telemetry sources, including security alerts, network logs, cloud platform events, and user experience metrics
• Demonstrated ability to serve as a technical escalation resource during incident response activities, providing guidance and analysis to junior engineers or adjacent support teams without direct managerial responsibility

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.