Apply on Employer Site

UnitedHealth Group · 1 day ago

Principal Physical Red Team Analyst - Remote or Hybrid in MN Metro or DC

Eden Prairie, MN

Full-time

Hybrid

Senior Level, Lead/Staff

$113K/yr - $193K/yr

5+ years exp

UnitedHealth Group is a global organization focused on improving health outcomes through technology. They are seeking a Principal Physical Red Team Analyst to conduct physical security assessments and simulate real-world threats to enhance the security posture of their facilities and processes.

Health CareHospitalMedicalWellness

Responsibilities

Conduct physical security assessments of facilities by attempting to bypass locks, alarms, access controls, and security personnel

Perform covert entry operations including reconnaissance, surveillance, and red team exercises

Test human-factor vulnerabilities through social engineering, impersonation, or tailgating

Conduct intelligence (OSINT, HUMINT, SIGINT) collection on facilities, personnel, and businesses

Design, source, build, and deploy physical and technological offensive security tools

Create and communicate risk-profiles for executive members

Document findings with accurate reporting, photography, and after-action reviews, including remediation recommendations

Collaborate with cybersecurity, corporate security, and defensive security teams to ensure findings are integrated into broader risk management strategies

Maintain strict compliance with legal, ethical, and safety guidelines during all engagements

Stay current with emerging tools, techniques, and threat actor behaviors relevant to physical security testing

Effectively communicate successes and obstacles with fellow team members and team lead(s)

Create written reports, detailing assessment findings and recommendations

Interface with customer contact(s) and staff in a constructive and professional manner

Have subject matter expertise in advanced testing specialties: containerization, automation, wireless/IoT, exploit development, hardware and/or mainframe environments

Ethically operate with appreciable latitude in developing methodology and applying it in the field

Research and analyze adversary methodologies and develop testing models to mimic adversaries

Ability to communicate clearly and effectively through oral or written communication with all levels in the organization

Ability to initiate, design, execute, complete, and provide metrics on projects independently with minimal direction

Drive cross-team efforts to address systemic risks across the business

Conduct business/risk portfolio research and test planning work that encompasses holistic testing efforts

Act as an overall SME and force multiplier for team through mentoring, education, training, etc

Qualification

Physical Red Team AssessmentsIntelligence GatheringOffensive Security ToolsCritical ThinkingPhysical Red Team CertificationOffensive Security CertificationDrone OperationSocial EngineeringTeam CollaborationCommunication Skills

Required

5+ years of in-depth experience in physical red team assessments

3+ years of demonstrated and practical experience with intelligence gathering and sorting (HUMINT, OSINT, SIGINT, etc.)

Demonstrable expertise with physical red team assessments and reporting

Hands-on and demonstrated expertise with assessment and exploitation tools including: Key Card Emulators, RFID Scanners, RaspberryPi, Physical and Technological Evasion Techniques, Software Defined Radios, Kali, Burp, and Metasploit

Demonstrated ability to design, source, build, and deploy various offensive security tools (wireless detection, SDR, drone, surveillance)

Ability to think critically and creatively to solve complex problems with limited to no guidance

Ability to travel up to 50% of the time; sometimes outside the United States

Ability to integrate with a team and support cross-team functions