Job Description

Careers with MedExpress. At MedExpress, we believe in delivering quality, convenient, affordable health care and exceeding our patients' expectations. Our neighborhood medical centers are open every day from 8-8 with a full medical team and no appointments necessary to help patients get in, get healthy, and get back to what's really important. We provide a broad scope of services including urgent care, basic wellness and prevention, and employer health services. As part of the Optum and UnitedHealth Group family of businesses, we're working together to help people live healthier lives and to help the health system work better for everyone. You can become part of our elite team almost anywhere with 250 MedExpress centers across the country and two administrative offices in Morgantown, WV and Pittsburgh, PA. Join us and start doing your life's best work.SM

The Information Security Engineer role is responsible for designing, building and defending organizational systems with secure methods, and continuous improvement mentality. This includes helping the organization understand cyber threats, create strategies to protect the environment from such threats, and supporting incident response activities, as well as education of the workforce from a security awareness perspective. This hands-on technical role requires a solid technical foundation, and knowledge in multiple information security domains.

*Has a contagious and positive work ethic, inspires others, and models the behaviors of Genuine, Caring, Friendly.
*Demonstrates effective verbal and written communication that is clear, well-organized, and demonstrates an understanding of audience needs.
*Through genuine and positive communication, makes each customer feel informed, understood, and special.
*An effective team player who contributes valuable ideas and feedback and can be counted on to meet commitments.
*Is able to keep up in the MedExpress environment by facing tasks and challenges with energy and passion.
*Pursues activities with focus and drive, defines work in terms of success, and can be counted on to complete goals.

Security Awareness and Operations
*Act as one of multiple subject matter experts to further evolve the organizational Security Awareness posture, including but not limited to working with the Enterprise Security Awareness teams.
*Work with internal business teams to distribute security awareness material to improve the overall security posture of the organization.
*Support security product maintenance across the platform, including patching, firewall and network configuration management, configuration and enhancement for all organizational security tools.
*Support the Change Advisory Board by keeping security changes documented and approved.
*Support the continuous improvement and development of organizational procedures, processes and inventories.

Risk Assessment and Risk Management
*Assesses, oversees and conducts the periodic integrated risk assessments across the organization and provides reporting to the information security team.
*Enhances IT risk management processes to mitigate risks that could negatively impact the confidentiality, integrity and availability of MedExpress business operations, processes, systems and data.

IT Compliance
*Validates the controls implemented across all centers and administrative offices.
*Formalizes and maintains the security posture in collaboration with Enterprise Information Security teams.
*Provides engineering support for common IT compliance areas e.g. HIPAA, PCI DSS, SOX.
*Participates in periodic IT compliance assessments of key compliance risk areas.
*Coordinates with other enterprise Compliance teams to align strategies and approaches.
*Delivers and continuously improves the Information Security and Risk Management processes - providing guidance and oversight to the functional / business teams and supporting the reporting and mitigation of any findings.

IT Security
*Act as the primary resource to validate security policies and procedures are adhered, including continuous review of various functions such as entitlement review, adherence to HIPAA/HITECH, PCI DSS requirements, and support of Optum Care Information Security and Enterprise Information Security teams.
*Acts as a local contact for security risks, issues, and incidents.
*Supports key security programs for the business, including but not limited to:
*Fraud Prevention, Detection, and Security Investigations
*Security Assessments
*Security Advisements on key business initiatives
*3rd Party Vendor Risk Assessments
*Security Awareness
oTraining organizational workforce on information security standards, policies, and best practices.
*Emergency response planning and execution.
*Security technology deployments.
*Security guidance on technology and implementations.
*Communicates and carries out technical implementations of security solutions required to meet business objectives.
*Conducts periodic scans (network and endpoint) to find vulnerabilities, and works with IT teams to remediate.
*Monitors networks and systems for security threats, through the use of software that detects intrusions and anomalous system behavior.
*Supports incident response, including steps to minimize the impact.
*Installation and maintenance of security products and procedures.
*Validate information security plans, policies and procedures.
*Support automation of security testing tools, and further development of automated testing & validation of applications
Other duties as assigned.
- Undergraduate degree or equivalent experience.
*Bachelor of Science Degree in related technology field preferred.
*In lieu of degree, 4 years of equivalent work experience.
*Solid technical foundation/acumen.

Critical Skills
*Knowledge of Government, Financial, Retail and Healthcare industries and associated regulations are strongly suggested.
oExperience with HIPAA/HITECH, PCI DSS and Sarbanes-Oxley.
oNIST 800-53 Security Frameworks.
*Experience with scripting languages, endpoint detection and response software, intrusion prevention/detection, firewalls or content filtering.
*Knowledge of risk assessment tools, technologies and methods
*Experience and/or willingness to learn security hardening of networks, systems and applications
*Researching ways to improve the organizational security practices and posture, including collaboratively partnering with IT in the capacity of a system administrator, supporting multiple platforms and applications beyond the duties of information security
*The ability to thrive in fast-paced, high-stress situations.
*Detail oriented, and able to handle multiple tasks, prioritize and meet deadlines.

Additional Knowledge & Skills
CISSP, CISA, SANS/GIAC Cybersecurity Certifications, or other similar professional designations.
UnitedHealth Group is working to create the health care system of tomorrow.

Already Fortune 6, we are totally focused on innovation and change. We work a little harder. We aim a little higher. We expect more from ourselves and each other. And at the end of the day, we're doing a lot of good.

Through our family of businesses and a lot of inspired individuals, we're building a high-performance health care system that works better for more people in more ways than ever. Now we're looking to reinforce our team with people who are decisive, brilliant - and built for speed.

Come to UnitedHealth Group, and share your ideas and your passion for doing more. We have roles that will fit your skills and knowledge. We have diverse opportunities that will fit your dreams.

Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.