AppSec Jobs
← Back to all jobs

UnitedHealth Group

Senior Information Security Engineer - Remote or Hybrid in MN or DC

Eden Prairie, MNWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About UnitedHealth Group

UnitedHealth Group is a leading global healthcare company based in Minnetonka, Minnesota. It operates as the largest health insurer in the United States, with two main divisions: UnitedHealthcare, which offers health insurance plans, and Optum, which provides healthcare services, technology, and pharmacy benefits. Founded in 1974, the company has grown significantly through acquisitions and now holds a substantial share of the U.S. health insurance market. UnitedHealthcare offers a variety of health insurance plans, including HMOs and Medicaid services, while Optum focuses on pharmacy benefit management, medical research, and healthcare technology. The company employs around 440,000 people worldwide and ranks among the largest healthcare companies in the Fortune 500. UnitedHealth Group has established partnerships with major organizations, including serving as the insurance provider for the American Association of Retired Persons (AARP) and working with numerous Fortune 100 companies.

Industry

hospital & health care

Employees

400,000

6965 engineers

Revenue

$448B

Website

Visit →

Security at UnitedHealth Group

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • UnitedHealth Group emphasizes a comprehensive security program designed to meet and exceed customer needs.
  • The philosophy centers on adherence to established secure practices, with vulnerabilities managed based on their potential impact and known threats.
  • The company is committed to collaborating with the information security community while maintaining strict program boundaries.
  • Risk-based prioritization of vulnerabilities by exploitability and known exploited threats drives decision-making.

Security Team

  • The AppSec function resides within the Enterprise Information Security (EIS) team, which maintains broad responsibility for the organization's cybersecurity.
  • Key leadership includes Tim McKnight (EVP & CISO) and Jason Morgan (Director of Cyber Security).
  • The team focuses on vulnerability remediation coordination, risk prioritization, and cross-functional technical ownership.
  • Active AppSec job postings demonstrate commitment to expanding the security engineering team.

Key Initiatives

  • UnitedHealth Group mandates security checks during the development phase as part of their 'shift left' approach.
  • The vulnerability management process includes formal reporting channels (though no bug bounty program is offered), with engineers tasked with cross-team coordination to remediate issues.
  • Secure coding and source code management practices are required standards.
  • Recent initiatives include the appointment of new security leadership to drive program evolution.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.