Senior Information Security Engineer Analyst - Muntinlupa City

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together

As a Manual Access Provisioning Specialist (Extended IAM & Security Responsibilities), you will play a critical role in ensuring secure, compliant, and efficient user access lifecycle management across the organization. In addition to manual provisioning activities, this role requires hands-on exposure to Identity Governance (SailPoint), Privileged Access Management (PAM) platforms such as CyberArk and Delinea, and foundational understanding of SIEM/SOC operations and Threat & Vulnerability Management.

You will collaborate closely with CISOs, senior security leaders, application owners, and cross-functional security teams to implement scalable IAM solutions, onboard new businesses, manage SOPs, deliver KT, and continuously enhance the enterprise access control program.

Primary Responsibilities:

• Gather & translate access needs: Collaborate with clients and stakeholders to collect access requirements and convert them into secure, role-appropriate provisioning strategies
• Manual provisioning/de-provisioning: Execute access provisioning and removal across on-prem and cloud environments, including Active Directory and third-party applications
• Governance & compliance: Ensure all access activities align with internal security policies, regulatory requirements, and IAM best practices
• Process documentation (SOPs): Maintain, review, and update Standard Operating Procedures for access provisioning to ensure alignment with evolving security and operational needs
• Knowledge transfer & documentation: Conduct KT sessions and maintain knowledge base documentation to support continuity and operational readiness
• Identity Governance (SailPoint IIQ / IDN)
  • Application onboarding to SailPoint: Support onboarding of applications into SailPoint IdentityIQ / IdentityNow, including connector configuration, attribute mapping, and workflow enhancements
  • Rules, workflows & campaigns: Assist in creating/modifying custom rules, workflows, certification campaigns, and automation logic to strengthen identity lifecycle governance
  • Troubleshooting & stabilization: Help resolve IIQ/IDN issues (e.g., provisioning failures, rule logic errors, access review configuration issues)
  • Lifecycle automation support: Work with development teams to support and improve identity lifecycle automation initiatives
  • *Privileged Access Management (CyberArk / Delinea)
  • PAM integrations & onboarding: Support integration of enterprise applications, databases, and infrastructure components into CyberArk and Delinea PAM vaults
  • Privileged policy configuration: Assist in configuring password rotation, session recording, privileged access workflows, and access request models
  • Privileged account governance: Monitor and manage privileged account onboarding, maintenance activities, and compliance reporting
  • PAM troubleshooting: Troubleshoot vault and component issues including session manager, PSM/PSMP, and connector-related problems
• SOC & SIEM Awareness
  • SOC collaboration: Coordinate with SOC teams to ensure access-related activities support security monitoring and detection requirements
  • Security data enablement: Provide access logs, entitlement insights, and privileged activity data to strengthen detection and investigation use cases
  • SIEM correlation awareness: Understand and support IAM/PAM-related correlation rules within SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar)
• Threat & Vulnerability Management (TVM)
  • Access risk remediation: Partner with TVM teams to remediate access-related vulnerabilities such as excessive privileges, orphan accounts, and stale entitlements
  • IAM risk assessment & reporting: Assess and report IAM-centered risk exposures using vulnerability intelligence
  • Privilege reviews & risk reduction: Support periodic privilege reviews, toxic combination analysis, and provide recommendations to reduce access-related risk
• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

• Graduate degree or equivalent experience
• 4+ years of experience in Information Security with a focus on IAM
• Hands-on experience in manual provisioning and strong understanding of IAM fundamentals
• Knowledge of SIEM/SOC workflows and IAM-related detection use cases
• Understanding of threat and vulnerability management concepts
• Familiarity with security frameworks such as NIST CSF, ISO 27001, CIS Benchmarks
• Proven exposure to SailPoint IIQ/IDN development, CyberArk, and/or Delinea platforms
• Proven solid analytical/problem-solving skills and ability to work independently or collaboratively

• Scripting knowledge (PowerShell, Python, etc.)