Sr Director, Product Cyber Incident Response Team (PCIRT) - Remote
About the position Optum Tech is a global leader in health care innovation. Our teams develop cutting-edge solutions that help people live healthier lives and help make the health system work better for everyone. From advanced data analytics and AI to cybersecurity, we use innovative approaches to solve some of health care’s most complex challenges. Your contributions here have the potential to change lives. Ready to build the next breakthrough? Join us to start Caring. Connecting. Growing together. The Director of PCIRT leads the enterprise’s response to product-related cybersecurity incidents across the software development lifecycle. This role is accountable for building and operationalising a high-performing team that proactively detects, investigates, and mitigates threats to product integrity, supply chain security, and customer trust. The Director will define the strategic vision for PCIRT, drive cross-functional alignment, and ensure readiness to respond to emerging threats in real time. You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week. You’ll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.
Responsibilities
- Incident Response Leadership
- Lead the response to product-related cyber incidents, including codebase compromise, supply chain vulnerabilities (e.g. NPM, GitHub), and third-party dependency risks
- Oversee the lifecycle of incident management: detection, triage, containment, eradication, recovery, and post-incident review
- Strategic Planning & Governance
- Define the PCIRT North Star and roadmap, including quarterly milestones and key results aligned with business outcomes
- Develop and maintain incident response playbooks, escalation protocols, and tooling strategies tailored to product environments
- Threat Intelligence & Detection
- Integrate threat intelligence into product pipelines to proactively identify risks
- Collaborate with engineering teams to embed security controls (e.g. secrets scanning, firewall rules, build runner protections) into CI/CD workflows
- Cross-Functional Collaboration
- Partner with Product Management, Engineering, Legal, and Cloud Infrastructure teams to ensure coordinated response and remediation
- Serve as the connective tissue between ESRO, ETIPS, and business units for secure product delivery
- Reporting & Communication
- Provide executive-level briefings on incident status, impact, and remediation
- Maintain documentation for audit, compliance, and continuous improvement
- Team Development & Culture
- Build and lead a multidisciplinary team of responders, analysts, and engineers
- Foster a culture of operational excellence, continuous learning, and proactive risk management
Requirements
- Dual-Track Technical Tenure: 10+ years of combined experience in Software and Security engineering. They must understand how code is built and shipped (entire SDLC) at scale to effectively tell developers how to fix it
- Architectural Risk Assessment: 10+ years of experience performing Threat Modeling and deep-dive code reviews across diverse stacks (e.g., Cloud-native/K8s, embedded systems, or SaaS) to identify systemic supply chain weaknesses
- SDLC Governance at Scale: 10+ years of experience implementing and maturing Secure Development Lifecycles (SDL), ensuring security checkpoints—like SBOM generation and SCA scanning—are automated into the CI/CD pipeline
- Incident Response Leadership: Experience in managing high-stakes security incidents, with 5+ years specifically focused on Product Security (PSIRT) rather than just internal IT/Corporate security
- Vulnerability Lifecycle Management: 5+ years of experience overseeing the full lifecycle of CVE (Common Vulnerabilities and Exposures) assignments, from initial researcher report through coordinated disclosure and patch verification
Nice-to-haves
- CISSP, GIAC (GREM, GCFA), or equivalent
- Product security or cloud certifications (e.g. AWS Security, GCP Professional Security Engineer)
Benefits
- In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements).
- No matter where or when you begin a career with us, you’ll find a far-reaching choice of benefits and incentives.
Apply tot his job Apply To this Job