Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together

Primary Responsibilities:

Monitor and analyze security alerts from SIEM platforms (Microsoft Sentinel, Splunk, LogRhythm) Conduct advanced threat hunting and incident analysis to detect anomalies and suspicious activities Investigate security incidents and recommend mitigation strategies Lead the incident response lifecycle, including identification, containment, eradication, and recovery Document and communicate incident findings and lessons learned Develop playbooks and workflows for effective incident handling using Splunk SOAR Monitor and analyze attempted efforts to compromise security protocols. Identify and investigate activities and conduct and provide analyses regarding results Collaborate with other Cyber Defense teams Review SIEM alerts and logs to identify and report possible security issues Serve as an escalation resource and mentor for other SOC analysts Perform investigations and escalation for complex or high severity security threats or incidents Work across the organization to define, develop, and refine correlation rules Participate in writing security status reports to provide system status, report potential and actual security violations and provide procedural recommendations Participate in knowledge sharing with other team members and industry collaboration organizations to advance the security monitoring program Participate in developing and supporting strategic plans and projects to meet Global Security and SOC goals and objectives Maintain an in-depth knowledge of common attack vectors, common security exploits, and countermeasures Maintain a solid working knowledge of Information Security principles and practices Research the current information security and event monitoring trends, and keep up to date with SOC issues, technology, and industry best practices Coordinate evidence/data gathering and documentation and review Security Incident reports Assist in strategic initiatives Provide recommendations for improvements to security operational monitoring and incident response procedures based on operational insights Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

5+ years of experience building use cases and performing log analysis using technology like KQL, Splunk, AlienVault, Q-radar etc. 5+ years of SOAR/Scripting experience using Python, PowerShell etc. 5+ years of experience in incident detection and response 5+ years of previous experience working with network tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms Security certifications (e.g. Security+, Network+, Cloud+, AZ-900 (Microsoft Azure Fundamental), SC-200 (Microsoft Security Operations Analyst, etc.) Willing to work in a team-oriented 24/7 environment; schedule flexibility as needed to work with a global team
Optimize the use of automation tools (Splunk SOAR, Microsoft Defender) to improve response times and reduce manual effort Knowledge of ITIL and ticketing systems like ServiceNow

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.

Diversity creates a healthier atmosphere: Optum is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

Optum is a drug-free workplace. © 2025 Optum Global Solutions (Philippines) Inc. All rights reserved.