Cybersecurity Analyst – Hybrid in MN

About the position Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. The Insider Risk Analyst is responsible for detecting, analyzing, and investigating potential insider‑driven risks to UnitedHealth Group’s people, data, and systems. This role supports the Insider Risk Program by monitoring user activity, identifying anomalous or concerning behavior, conducting investigations, and partnering with cross‑functional stakeholders to mitigate risk while ensuring privacy, legal, and policy compliance. The analyst will leverage technical data sources, behavioral indicators, and investigative techniques to assess risk, support casework, and contribute to the continuous improvement of insider risk detection and response capabilities. If you reside in Minnesota, you’ll enjoy the flexibility to telecommute as you take on some tough challenges. You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear directions on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Responsibilities

• Monitor and analyze user activity, system logs, and alerts to identify potential insider risk indicators, including data exfiltration, misuse of access, policy violations, or negligent behavior
• Perform analytical triage of insider risk alerts generated from enterprise security tools (e.g., SIEM, DLP, endpoint, identity, and email systems)
• Establish baseline user behavior and identify deviations that may indicate insider risk activity
• Conduct insider risk investigations by collecting, correlating, and analyzing data from multiple technical and non‑technical sources
• Document investigative findings, timelines, and conclusions in accordance with Insider Risk Program procedures and records‑retention requirements
• Prepare clear, concise investigative summaries and risk assessments for leadership and stakeholders
• Analyze logs, email activity, file access, web activity, and authentication events to support investigations
• Assist with digital forensic data collection and analysis in support of insider risk cases, as appropriate
• Develop, maintain, and refine queries, dashboards, and analytical workflows to improve detection efficiency and investigative quality
• Partner with HR, Legal, Compliance, Employee Relations, Privacy, and Information Security teams during insider risk reviews and investigation
• Support escalation and coordination with Enterprise Information Security for incidents requiring broader security response
• Participate in insider risk working groups and contribute to program governance activities
• Contribute to the development and enhancement of insider risk policies, procedures, and standard operating processes
• Assist in defining insider risk indicators, metrics, and reporting to support program maturity
• Support audits, assessments, and program evaluations related to insider risk management

Requirements

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Criminal Justice, or a related field or equivalent practical experience
• 3+ years of experience in cybersecurity
• 3+ years of experience in security analysis, investigations, insider risk, threat analysis, or digital forensics
• 2+ years of experience with working knowledge of security logs, user activity monitoring, and investigative techniques
• 2+ years of experience of documenting findings clearly and communicate effectively with both technical and non‑technical audiences
• Strong analytical and critical‑thinking skills with the ability to assess risk objectively
• Demonstrated ability to handle sensitive information with discretion and professionalism

Nice-to-haves

• Experience supporting an insider risk, fraud, compliance, or digital forensics program
• Hands‑on experience with SIEM platforms (e.g., Splunk, Sentinel), DLP tools, endpoint security, or identity monitoring
• Familiarity with insider risk frameworks and best practices (e.g., CERT Insider Threat, NIST CSF)
• Experience collaborating with HR, Legal, Privacy, or Employee Relations teams
• Knowledge of privacy, data protection, and employee monitoring considerations in a regulated environment

Benefits

• a comprehensive benefits package
• incentive and recognition programs
• equity stock purchase
• 401k contribution

Apply tot his job Apply To this Job