Information Security Engineer Consultant

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.

Primary Responsibilities

• Lead and conduct highly complex security incident investigations across endpoints (memory and disk), network traffic, and cloud environments, including Azure and Microsoft 365
• Perform advanced incident investigation and in depth log analysis by correlating data from multiple sources such as SIEM, EDR, network security devices, and cloud platforms to accurately identify scope and impact
• Act as the final escalation point for critical and high severity security incidents, providing expert guidance and decisive incident handling
• Conduct static and dynamic malware analysis, including reverse engineering of exploits, and analyze adversary tactics, techniques, and procedures (TTPs) to understand attacker behavior
• Map attacker activities and observed behaviors to industry recognized frameworks such as MITRE ATT&CK, NIST to ensure structured analysis and reporting
• Execute effective containment actions during incidents, including isolating compromised systems, blocking malicious traffic, disabling accounts, and applying emergency controls to limit spread and impact
• Acquire digital evidence from compromised environments, including disk images, memory dumps, system logs, and network traffic, using forensically sound methodologies
• Maintain a strict chain of custody by ensuring all evidence is properly documented, securely stored, and protected from tampering throughout the investigation lifecycle
• Analyze forensic artifacts such as file systems, registry entries, event logs, and memory structures to identify indicators of compromise and malicious activity
• Perform memory forensics to detect running processes, injected or malicious code, credential theft mechanisms, and other in memory threats that may not be present on disk
• Validate that eradication activities are fully completed and ensure affected systems are securely restored to normal operations without residual risk
• Prepare comprehensive incident reports detailing timelines, root cause analysis, impact assessment, indicators of compromise (IOCs), and remediation actions taken
• Collaborate with Security and Engineering teams to automate repetitive tasks such as alert enrichment, containment workflows, response actions, and ticket creation to improve efficiency and consistency
• Leverage internal and external threat intelligence feeds to enrich investigations with contextual insights, including known malicious IPs, domains, threat actor profiles, and attacker methodologies
• Work closely with cross functional teams to ensure coordinated and timely execution of incident response activities
• Continuously enhance detection and response capabilities by recommending improvements to SIEM and EDR platforms, tuning detection rules, developing better queries, and identifying logging gaps
• Handle Priority 1 (P1), Priority 2 (P2) and other critical incidents with urgency, ensuring rapid response, clear stakeholder communication, and minimal business disruption
• Monitor and report on key performance indicators (KPIs) such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to measure and improve incident response effectiveness
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
  
  

• Major Security Incident Management (Case Management /War Room/Paging/Security Bridge), Log Analysis (SIEM, Endpoint, Perimeter Security, Threat Intel, e-Mail Security), Sandbox Analysis, Digital Forensics, MITRE ATT&CK and D3FEND & NIST, Experience with forensic tools such as Magnet Axiom Forensics, REMnux, X-ways Forensics, EnCase, Forensic Toolkit, etc.
  
  

• CHFI, EnCE, ACE, GCFA/GCFE, GIAC Certified Incident Handler (GCIH), Security Operations Analyst Associate (SC-200), Deep understanding of adversary TTPs, cyber kill chain methodologies, and expert-level application of frameworks like MITRE ATT&CK and D3FEND, Strong understanding and knowledge on NIST Framework (NIST 800-61), Handling Major Security Incident Attack Scenerions (such as Ransomware, DDOS, Advanced persistent threat (APT), BEC etc.)
• Fundamental understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP, ICMP, etc.), and be comfortable analyzing packet capture (pcap) files in tools such as Wireshark
• Knowledge of operating system internals (virtual memory, paging, etc.) and techniques employed by malware to evade detection