Career

Qualifications:
• One or more of the following professional certifications: CISA, CISM, CEH, CISSP, or SANS.
• 5+ years of experience in your relevant GRC focus area.
• You have experience in security risk management, controls assessment, or configuration management as appropriate for your area of GRC expertise.
• You have general knowledge across all of GRC, with focused expertise in your area.
•You have worked with both business and technical risk and understand how to translate between the two and communicate to various levels of technical and business management.
• Experience with regulatory compliance audits such as SOC 2, ISO and PCI DSS.
• Detailed understanding of network security, identity and access management concepts, security certification reports.
• Demonstrated ability to successfully handle client-facing engagements.
• Experience managing risk in a global enterprise Responsibilities.
• Conducts complex cyber intelligence analysis and awareness through collaboration with other internal experts and trusted outside organizations.
• Performs threat analysis utilizing a combination of standard intelligence methods and business processes to uncover advanced threat actors.
• Designs an innovative threat and security incident management solution.
• Creates technical assessments and cyber threat profiles of current events on the basis of inventive collection and research using classified and open information sources to enables advanced threat intelligence.
•Develops and maintains analytical procedures to meet changing requirements and enable more strategic detections.
• Utilizes threat messaging, models, analyses, presentations, or recommendations to convey complicated technical or behavioral analysis to senior management.
• Participates in a coverage model to prevent and remediate security threats against the organization.
• Stays abreast of innovative business and technology trends in IT security, risk, and controls.
• Advices leadership on technology initiatives that support latest trends in IT security, risk and controls
• Ensures effective execution of the risk management framework by managing relationships with key stakeholders within strategic business groups and technology.
• Performs threat analysis utilizing a combination of standard intelligence methods and business processes to uncover advanced threat actors.
• Responsible for conducting deep dives on IT security-related processes and systems.
• Verifies that IT risks are appropriately mitigated and leads multiple stakeholders in agreement on appropriate solutions/controls.
• Responsible for identifying applicable regulatory risks from changes or additions to regulatory guidance and requirements.
• Provides expertise for resolution and risk mitigation.
• Develops, tracks, and reports on Key Risk Indicators (KRIs) for information technology.
• Monitors, tracks, and reports mitigation and resolution of IT risks.
• Performs process-level walkthroughs, control testing, etc. for the identification and assessment of IT risks and controls.
• Effectively communicate key risks, findings, and recommendations for improvement with key stakeholders.

Job description
As part of the Cyber Defense (CD) organization, the Ethical Hacker role is responsible for executing CD strategy for United Health Group and its affiliates through penetration testing, incident support, and subject matter expertise. The portfolio of services includes ethical hacking, penetration testing, and the related technologies and processes that enable the team functions to run at scale within a large, heavily segmented Fortune 5 company. Primary Responsibilities: • Work as part of an agile penetration testing team, empowered to execute objectives in a thorough and timely fashion • Conduct vulnerability assessments on a wide variety of technologies and implementations utilizing both automated tools and manual techniques • Application penetration tests (web, mobile and thick client) • Network penetration tests • API penetration tests • Container Penetration tests • Effectively communicate successes and obstacles with fellow team members and team lead(s) • Create written reports, detailing assessment findings and recommendations • Interface with customer contact(s) and staff in a constructive and professional manner • Have exposure to advanced testing specialties: containerization, automation, wireless/IoT, exploit development, hardware and/or mainframe environments • Ethically operate with appreciable latitude in developing methodology and applying it in the field • Research and analyze known hacker methodologies, system exploits, and vulnerabilities to support methodology development and execution • Ability to communicate clearly and effectively through oral or written communication with all levels in the organization • Ability to initiate, design, execute, complete, and provide metrics on projects independently with minimal direction • Support cross-team efforts to address systemic risks across the business • Conduct business/risk portfolio research and test planning work that encompasses holistic testing efforts • Collaborate with peer team to become a force multiplier through engagement, education, training, etc. • Adapt and adjusts delivery model with agility based on the needs of the business, customer, and evolving security trends Qualifications • 3 s of experience in penetration testing, or 3 s of experience of Red Team testing • Demonstrated technical expertise with network, cloud, and web application penetration testing • Experience with one ssment and exploitation tools including: • Kali Linux • Metasploit • Burp Suite Pro • NMAP • Proficiency in at least one scripting language (Perl, Python, Bash, Power Shell, VBA, etc) Preferred Qualifications: • Penetration testing certification (Pen Test+, CEH, etc) • Experience in Mainframe application and platform penetration testing • Experience in PCI penetration testing • Experience with threat modeling • Undergraduate degree or equivalent experience.