Cybersecurity Analyst - Hybrid in MN

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities.

Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

The Insider Risk Analyst is responsible for detecting, analyzing, and investigating potential insider‑driven risks to United Health Group's people, data, and systems. This role supports the Insider Risk Program by monitoring user activity, identifying anomalous or concerning behavior, conducting investigations, and partnering with cross‑functional stakeholders to mitigate risk while ensuring privacy, legal, and policy compliance.

The analyst will leverage technical data sources, behavioral indicators, and investigative techniques to assess risk, support casework, and contribute to the continuous improvement of insider risk detection and response capabilities.

If you reside in Minnesota, you'll enjoy the flexibility of a hybrid-remote position
* as you take on some tough challenges. This position follows a hybrid schedule with four in-office days per week.

Primary Responsibilities

Insider Risk Detection & Analysis

* Monitor and analyze user activity, system logs, and alerts to identify potential insider risk indicators, including data exfiltration, misuse of access, policy violations, or negligent behavior.

* Perform analytical triage of insider risk alerts generated from enterprise security tools (e.g., SIEM, DLP, endpoint, identity, and email systems).

* Establish baseline user behavior and identify deviations that may indicate insider risk activity.

Investigations & Case Management

* Conduct insider risk investigations by collecting, correlating, and analyzing data from multiple technical and non‑technical sources.

* Document investigative findings, timelines, and conclusions in accordance with Insider Risk Program procedures and records‑retention requirements.

* Prepare clear, concise investigative summaries and risk assessments for leadership and stakeholders.

Technical & Forensic Support

* Analyze logs, email activity, file access, web activity, and authentication events to support investigations.

* Assist with digital forensic data collection and analysis in support of insider risk cases, as appropriate.

* Develop, maintain, and refine queries, dashboards, and analytical workflows to improve detection efficiency and investigative quality.

Cross‑Functional Collaboration

* Partner with HR, Legal, Compliance, Employee Relations, Privacy, and Information Security teams during insider risk reviews and investigations.

* Support escalation and coordination with Enterprise Information Security for incidents requiring broader security response.

* Participate in insider risk working groups and contribute to program governance activities.

Program & Process Improvement

* Contribute to the development and enhancement of insider risk policies, procedures, and standard operating processes.

* Assist in defining insider risk indicators, metrics, and reporting to support program maturity.

* Support audits, assessments, and program evaluations related to insider risk management.

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear directions on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

* Bachelor's degree in Cybersecurity, Information Security, Computer Science, Criminal Justice, or a related field

* 3+ years of experience in cybersecurity

* 3+ years of experience in security analysis, investigations, insider risk, threat analysis, or digital forensics

* 2+ years of experience with working knowledge of security logs, user activity monitoring, and investigative techniques

* 2+ years of experience of…