×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity

Sr Director, Security Engineering; PSIRT - Remote or Hybrid in MN or DC

Remote / Online - Candidates ideally in
Blaine, Anoka County, Minnesota, USA
Listing for: Optum
Full Time, Remote/Work from Home position
Listed on 2026-06-09
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly USD 125000.00 150000.00 YEAR
Job Description & How to Apply Below
Position: Sr Director, Security Engineering (PSIRT) - Remote or Hybrid in MN or DC

Optum Tech is a global leader in health care innovation. Our teams develop cutting-edge solutions that help people live healthier lives and help make the health system work better for everyone. From advanced data analytics and AI to cybersecurity, we use innovative approaches to solve some of health care's most complex challenges. Your contributions here have the potential to change lives.

Ready to build the next breakthrough? Join us to start Caring. Connecting. Growing together.

The Director of PCIRT leads the enterprise's response to product-related cybersecurity incidents across the software development lifecycle. This role is accountable for building and ope rationalising a high-performing team that proactively detects, investigates, and mitigates threats to product integrity, supply chain security, and customer trust. The Director will define the strategic vision for PCIRT, drive cross‑functional alignment, and ensure readiness to respond to emerging threats in real time.

You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities
  • Incident Response Leadership
    • Lead the response to product‑related cyber incidents, including codebase compromise, supply chain vulnerabilities (e.g. NPM, Git Hub), and third‑party dependency risks
    • Oversee the lifecycle of incident management: detection, triage, containment, eradication, recovery, and post‑incident review
  • Strategic Planning & Governance
    • Define the PCIRT North Star and roadmap, including quarterly milestones and key results aligned with business outcomes
    • Develop and maintain incident response playbooks, escalation protocols, and tooling strategies tailored to product environments
  • Threat Intelligence & Detection
    • Integrate threat intelligence into product pipelines to proactively identify risks
    • Collaborate with engineering teams to embed security controls (e.g. secrets scanning, firewall rules, build runner protections) into CI/CD workflows
  • Cross‑Functional Collaboration
    • Partner with Product Management, Engineering, Legal, and Cloud Infrastructure teams to ensure coordinated response and remediation
    • Serve as the connective tissue between ESRO, ETIPS, and business units for secure product delivery
  • Reporting & Communication
    • Provide executive‑level briefings on incident status, impact, and remediation
    • Maintain documentation for audit, compliance, and continuous improvement
  • Team Development & Culture
    • Build and lead a multidisciplinary team of responders, analysts, and engineers
    • Foster a culture of operational excellence, continuous learning, and proactive risk management
Required Qualifications
  • Dual‑Track Technical Tenure: 10+ years of combined experience in Software and Security engineering. They must understand how code is built and shipped (entire SDLC) at scale to effectively tell developers how to fix it
  • Architectural Risk Assessment: 10+ years of experience performing Threat Modeling and deep‑dive code reviews across diverse stacks (e.g., Cloud‑native/K8s, embedded systems, or SaaS) to identify systemic supply chain weaknesses
  • SDLC Governance at Scale: 10+ years of experience implementing and maturing Secure Development Life cycles (SDL), ensuring security checkpoints‑like SBOM generation and SCA scanning‑are automated into the CI/CD pipeline
  • Incident Response Leadership:
    Experience in managing high‑stakes security incidents, with 5+ years specifically focused on Product Security (PSIRT) rather than just internal IT/Corporate security
  • Vulnerability Lifecycle Management: 5+ years of experience overseeing the full lifecycle of CVE (Common Vulnerabilities and Exposures) assignments, from initial researcher report through coordinated disclosure and patch verification
Preferred Qualifications
  • CISSP, GIAC (GREM, GCFA), or equivalent
  • Product security or cloud certifications (e.g. AWS Security, GCP Professional Security Engineer)

All employees working remotely will be required to adhere to United Health Group's Telecommuter Policy.

Pay is based on several factors…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search