Sr Director, Security Engineering (PSIRT) - Remote or Hybrid in MN or DC

Reposted 10 Days Ago
Hiring Remotely in Plymouth, MN, USA
Remote or Hybrid
159K-273K Annually
Expert/Leader
Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
The Role
The Director of PSIRT leads cybersecurity incident responses, builds a crisis management team, and ensures tools and strategies for threat mitigation in product security.
Summary Generated by Built In
Requisition Number: 2349540
Optum Tech is a global leader in health care innovation. Our teams develop cutting-edge solutions that help people live healthier lives and help make the health system work better for everyone. From advanced data analytics and AI to cybersecurity, we use innovative approaches to solve some of health care's most complex challenges. Your contributions here have the potential to change lives. Ready to build the next breakthrough? Join us to start Caring. Connecting. Growing together.
The Director of PSIRT leads the enterprise's response to product-related cybersecurity incidents across the software development lifecycle. This role is accountable for building and operationalising a high-performing team that proactively detects, investigates, and mitigates threats to product integrity, supply chain security, and customer trust. The Director will define the strategic vision for PSIRT, drive cross-functional alignment, and ensure readiness to respond to emerging threats in real time.
You'll enjoy the flexibility to work remotely* from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.
Primary Responsibilities:
  • Incident Response Leadership
    • Lead the response to product-related cyber incidents, including codebase compromise, supply chain vulnerabilities (e.g. NPM, GitHub), and third-party dependency risks
    • Oversee the lifecycle of incident management: detection, triage, containment, eradication, recovery, and post-incident review
  • Strategic Planning & Governance
    • Define the PSIRT North Star and roadmap, including quarterly milestones and key results aligned with business outcomes
    • Develop and maintain incident response playbooks, escalation protocols, and tooling strategies tailored to product environments
  • Threat Intelligence & Detection
    • Integrate threat intelligence into product pipelines to proactively identify risks
    • Collaborate with engineering teams to embed security controls (e.g. secrets scanning, firewall rules, build runner protections) into CI/CD workflows
  • Cross-Functional Collaboration
    • Partner with Product Management, Engineering, Legal, and Cloud Infrastructure teams to ensure coordinated response and remediation
    • Serve as the connective tissue between ESRO, ETIPS, and business units for secure product delivery
  • Reporting & Communication
    • Provide executive-level briefings on incident status, impact, and remediation
    • Maintain documentation for audit, compliance, and continuous improvement
  • Team Development & Culture
    • Build and lead a multidisciplinary team of responders, analysts, and engineers
    • Foster a culture of operational excellence, continuous learning, and proactive risk management

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Required Qualifications:
  • Dual-Track Technical Tenure: 10+ years of combined experience in Software and Security engineering. They must understand how code is built and shipped (entire SDLC) at scale to effectively tell developers how to fix it
  • Architectural Risk Assessment: 10+ years of experience performing Threat Modeling and deep-dive code reviews across diverse stacks (e.g., Cloud-native/K8s, embedded systems, or SaaS) to identify systemic supply chain weaknesses
  • SDLC Governance at Scale: 10+ years of experience implementing and maturing Secure Development Lifecycles (SDL), ensuring security checkpoints - like SBOM generation and SCA scanning - are automated into the CI/CD pipeline
  • Incident Response Leadership: Experience in managing high-stakes security incidents, with 5+ years specifically focused on Product Security (PSIRT) rather than just internal IT/Corporate security
  • Vulnerability Lifecycle Management: 5+ years of experience overseeing the full lifecycle of CVE (Common Vulnerabilities and Exposures) assignments, from initial researcher report through coordinated disclosure and patch verification

Preferred Qualifications:
  • CISSP, GIAC (GREM, GCFA), or equivalent
  • Product security or cloud certifications (e.g. AWS Security, GCP Professional Security Engineer)

*All employees working remotely will be required to adhere to UnitedHealth Group's Telecommuter Policy.
Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $159,300 to $273,200 annually based on full-time employment. We comply with all minimum wage laws as applicable.
Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone - of every race, gender, sexuality, age, location and income - deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes - an enterprise priority reflected in our mission.
UnitedHealth Group is an Equal Employment Opportunity employer under applicable law and qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.

Skills Required

  • 10+ years in Software and Security engineering
  • 10+ years performing Threat Modeling and code reviews
  • 10+ years implementing Secure Development Lifecycles
  • Experience managing high-stakes security incidents, 5+ years in Product Security
  • 5+ years overseeing the lifecycle of CVE assignments

Optum Compensation & Benefits Highlights

  • Healthcare Strength: Health coverage offers multiple plan types with employer HSA contributions, in‑network preventive care at 100%, and included 24/7 virtual visits, alongside dental and vision options. This breadth allows predictable copay choices or tax‑advantaged HSA designs to fit different usage needs.
  • Retirement Support: Retirement programs include a 401(k) with employer match eligibility and full vesting over time plus an Employee Stock Purchase Plan at a discount. Together these elements support long‑term savings and ownership.
  • Parental & Family Support: Family supports include six weeks paid parental leave, paid caregiver leave, adoption assistance, and subsidized Bright Horizons back‑up care. Emotional well‑being resources like a premium Calm subscription and a 24/7 EAP complement these supports.

The Company
HQ: Eden Prairie, MN
160,000 Employees
Year Founded: 2011

What We Do

Optum, part of the UnitedHealth Group family of businesses, is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. At Optum, we support your well-being with an understanding team, extensive benefits and rewarding opportunities. By joining us, you’ll have the resources to drive system transformation while we help you take care of your future. We recognize the power of connection to drive change, improve efficiency and make a difference in health care. Join a team where your skills and ideas can make an impact and where collaboration is key to creating technology that produces healthier outcomes.

Optum Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Optum has three workplace models that balance the needs of the business and the responsibilities of each role. These models, core on‑site (5 days/week), hybrid (4 days/week) and telecommute or fully remote, vary by country, role and location.

Typical time on-site: Not Specified
HQ: Eden Prairie, MN
Philippines
Ann Arbor, MI
Atlanta, GA
Baltimore, MD
Belfast, GB
Bengaluru, India
Chennai, India
Dallas, TX
Detroit, MI
Dublin, Ireland
Hartford, CT
Houston, TX
Hyderabad, India
Jacksonville, FL
Las Vegas, NV
Letterkenny, Ireland
Louisville, KY
Madison, WI
Minneapolis, MN
Nashville, TN
New Delhi, India
Philadelphia, PA
Phoenix, AZ
Pune, India
Raleigh, NC
San Diego, CA
Washington, DC