Senior Information Security Engineering Analyst

Perimeter Network Pentest Coordinator

As part of the Cyber Defense (CD) organization, the Perimeter Network Pentest Coordinator role is responsible for executing CD strategy for UnitedHealth Group (UHG) and its affiliates through facilitating a complete annual network penetration test, defining scope of the attack surface, identifying ownership of domains and IPs, defining cloud scope, and working with application teams as a subject matter expert throughout the pentest process. Position will also be responsible for working on metrics around the network pentest. The portfolio of services the Ethical Hacking team covers include penetration testing of web apps, networks, entities owned by UHG, and the related technologies processes that enable the team functions to run at scale within a large, heavily segmented Global Fortune 10 company.

Primary Responsibilities:

• Work as part of an agile penetration testing team, empowered to execute objectives in a thorough and timely fashion
• Work independently meeting all deadlines and able to prioritize and rebalance workload with a dynamic application backlog
• Define attack surface scope by partnering with various teams and utilizing attack surface management tools, DNS tools, attestation from AEs
• Automate manual scope processes
• Meet policy and contractual deadlines for network pentest, communicating timelines with leadership
• Communicate with teams and vendors, facilitating the process, establishing meetings, and ensuring tests are completed in timeline outlined in policy and in the vendor statement of work
• Identify ownership of vulnerabilities, and create automated processes, partnering with other teams to ensure reduction in manual effort for future network pentests
• Report vulnerabilities found via vendor pentesting to the vulnerability reporting system, and facilitate retesting in accordance with policy and vendor statement of work
• Effectively communicate successes and obstacles with fellow team members and team lead(s)
• Interface with customer contact(s) and staff in a constructive and professional manner
• Have subject matter expertise in application vulnerabilities, pentesting process, project management, cloud deployment, containerization, and automation
• Ethically operate with appreciable latitude in developing methodology and applying it in the field
• Ability to communicate clearly and effectively through oral or written communication with all levels in the organization
• Ability to initiate, design, execute, complete, and provide metrics on projects independently with minimal direction
• Drive cross-team efforts to address systemic risks across the business
• Act as an overall SME and force multiplier for team through mentoring, education, training, etc.
• Occasionally on-call support is required for the position
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regard to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

Required Qualifications:

• Undergraduate degree or equivalent experience
• 3+ years of experience in Information Security OR Information Security certification
• Experience with OWASP framework
• Proficiency in at least one scripting language (Perl, Python, Bash, PowerShell, VBA, etc.)

Preferred Qualifications:

• Experience with PowerApps or other automation tools
• Experience with Power BI or other BI metrics and reporting
• Experience in API development
• Experience in AI development
• Experience in project management
• Experience/certification in penetration testing (PenTest+, CEH, etc)
• Experience with Linux, command-line, and Windows Server management