Senior Cybersecurity Analyst

Optum is a global organization that delivers care, aided by technology, to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities.

Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together.

The Insider Senior Cybersecurity Analyst is responsible for detecting, analyzing, and investigating potential insider‑driven risks to United Health Group’s people, data, and systems. This role supports the Insider Risk Program by monitoring user activity, identifying anomalous or concerning behavior, conducting investigations, and partnering with cross‑functional stakeholders to mitigate risk while ensuring privacy, legal, and policy compliance.

This analyst will leverage technical data sources, behavioral indicators, and investigative techniques to assess risk, support casework, and contribute to the continuous improvement of insider risk detection and response capabilities.

If you reside in the state of MN, you will enjoy the flexibility of a hybrid‑remote role as you take on some tough challenges.

• Monitor and analyze user activity, system logs, and alerts to identify potential insider risk indicators, including data exfiltration, misuse of access, policy violations, or negligent behavior
• Perform analytical triage of insider risk alerts generated from enterprise security tools (e.g., SIEM, DLP, endpoint, identity, and email systems)
• Establish baseline user behavior and identify deviations that may indicate insider risk activity

• Conduct insider risk investigations by collecting, correlating, and analyzing data from multiple technical and non‑technical sources
• Document investigative findings, timelines, and conclusions in accordance with Insider Risk Program procedures and records‑retention requirements
• Prepare clear, concise investigative summaries and risk assessments for leadership and stakeholders

• Analyze logs, email activity, file access, web activity, and authentication events to support investigations
• Assist with digital forensic data collection and analysis in support of insider risk cases, as appropriate
• Develop, maintain, and refine queries, dashboards, and analytical workflows to improve detection efficiency and investigative quality

• Partner with HR, Legal, Compliance, Employee Relations, Privacy, and Information Security teams during insider risk reviews and investigations
• Support escalation and coordination with Enterprise Information Security for incidents requiring broader security response
• Participate in insider risk working groups and contribute to program governance activities

• Contribute to the development and enhancement of insider risk policies, procedures, and standard operating processes
• Assist in defining insider risk indicators, metrics, and reporting to support program maturity
• Support audits, assessments, and program evaluations related to insider risk management

You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear directions on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Criminal Justice, or a related field
• 5+ years of experience in cybersecurity
• 5+ years of experience in security analysis, investigations, insider risk, threat analysis, or digital forensics
• 3+ years of experience working knowledge of security logs, user activity monitoring, and investigative techniques
• 3+ years of experience of documenting findings clearly and communicating effectively with both technical and non‑technical audiences