Security Engineer - Certificate Mgt​/PKI - Remote or Hybrid from MN or DC

Security Engineer – Certificate Mgt/ PKI

Position . Remote or Hybrid from Minnesota or Washington, D.C. Eligible to work remotely from anywhere in the U.S. Employees in Minneapolis or Washington, D.C. must work in office 4 days per week. Telecommuter Policy applies to remote employees.

As part of Optum’s Enterprise Information Security (EIS) team, you will drive adoption of the enterprise certificate lifecycle management platform across new acquisitions and partner with IT support teams to migrate and support digital certificate usage. Responsibilities include providing operational support, training, automation, and on‑call support for the enterprise certificate management platform.

• Direct point of contact for acquired entities for public domain name and digital certificate migration, management, and automation
• Develop and distribute communications and training materials and conduct training sessions
• Provide operations support for the enterprise certificate lifecycle management platform based on the Cyber Ark enafi Certificate Management Datacenter and Cloud platform, including Optum’s core network and the special restricted network enclave
• Provide operational support for the UHG public domain name portfolio, including migration, acquisition, and divesting activities
• Collaborate with the team to engineer continuous service improvement and new features
• Support customer use of digital certificates leveraging best practices and automation
• Provide innovative solutions to automate repetitive tasks
• Participate as an independent contributor within an agile-based team
• Participate in a 24x7 on‑call rotation supporting certificate operations
• Leverage enterprise‑approved AI tools to enhance productivity and innovation through workflow streamlining and automation
• Evaluate emerging trends to drive continuous improvement and strategic innovation

• 2+ years of Windows Server administration experience
• 2+ years of Unix/Linux Server administration experience
• 2+ years of general network experience with emphasis on DNS, firewall, and proxy knowledge
• 2+ years of enterprise application platform operational support experience
• 1+ year of PKI, certificate management, or related experience working with x.509 digital certificates
• Scripting and automation experience leveraging Power Shell, Python, or other scripting languages
• Experience with certificate lifecycle management platforms, with emphasis on Venafi products
• Ability to participate in on‑call rotation

• Undergraduate degree in an applicable field of study or equivalent experience
• CISSP or other security‑related certification
• General Identity and Access Management technology experience
• Experience implementing digital certificates in applications, containers, or other platforms

Pay range: $91,700 to $163,700 annually, based on experience, location, and other factors. Benefits include a comprehensive benefits package, incentive programs, equity stock purchase plan, and 401(k) contributions (subject to eligibility requirements).

Final date to receive applications:
This posting will remain open for at least 2 business days or until a sufficient candidate pool is collected. The posting may close early due to volume of applicants.

United Health Group is an Equal Employment Opportunity/affirmative action employer under applicable law. Qualified applicants will receive consideration without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations.

United Health Group is a drug‑free workplace; candidates are required to pass a drug test before beginning employment.