Sr Director, Product Cyber Incident Response Team (PCIRT) - Remote

Job Overview

Optum Tech is a global leader in health care innovation. Our teams develop cutting-edge solutions that help people live healthier lives and help make the health system work better for everyone. From advanced data analytics and AI to cybersecurity, we use innovative approaches to solve some of health care’s most complex challenges.

Job Description

The Director of PCIRT leads the enterprise’s response to product-related cybersecurity incidents across the software development lifecycle. This role is accountable for building and operationalising a high-performing team that proactively detects, investigates, and mitigates threats to product integrity, supply chain security, and customer trust.

You’ll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities

• Incident Response Leadership
• Lead the response to product-related cyber incidents, including codebase compromise, supply chain vulnerabilities (e.g. NPM, GitHub), and third-party dependency risks
• Oversee the lifecycle of incident management: detection, triage, containment, eradication, recovery, and post-incident review
• Strategic Planning & Governance
• Define the PCIRT North Star and roadmap, including quarterly milestones and key results aligned with business outcomes
• Develop and maintain incident response playbooks, escalation protocols, and tooling strategies tailored to product environments
• Threat Intelligence & Detection
• Integrate threat intelligence into product pipelines to proactively identify risks
• Collaborate with engineering teams to embed security controls (e.g. secrets scanning, firewall rules, build runner protections) into CI/CD workflows
• Cross-Functional Collaboration
• Partner with Product Management, Engineering, Legal, and Cloud Infrastructure teams to ensure coordinated response and remediation
• Serve as the connective tissue between ESRO, ETIPS, and business units for secure product delivery
• Reporting & Communication
• Provide executive-level briefings on incident status, impact, and remediation