DevOps Engineer - Azure DevOps, Git actions, Python, Terraform

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start **Caring. Connecting. Growing together.**

• *Primary Responsibilities:**

• Core DevOps \& SRE Foundations (Cloud agnostic)

+ Linux \& Shell: Bash scripting, systemd, processes, networking tools

+ Version Control: Git (branching strategies, PRs, code reviews, trunk based)

+ CI/CD Concepts: Pipelines, artifacts, environments, approvals, traceability

+ Containers: Docker fundamentals, image hardening, multi\-stage builds

+ Orchestration: Kubernetes basics (pods, deployments, services, RBAC), Helm charts

+ IaC Principles: Idempotency, drift detection, modularization, environments, policy\-as\-code

+ Observability: Logs, metrics, traces; SLO/SLI; alerting; incident response

+ Security by design: Secrets management, least privilege, SBOM, vulnerability scanning

+ Automation: Python/PowerShell for glue code, SDK/CLI automation

+ Cost Awareness: FinOps basics, tagging strategies, rightsizing

+ Documentation \& Runbooks: ADRs, playbooks, postmortems, change management (ITIL)

• Azure Public Cloud Skill Set (DevOps focus)

+ Compute, Networking \& Storage

+ Compute: Azure VMs, VMSS, Azure Kubernetes Service (AKS), App Service, Functions.

+ Networking: VNets, Subnets, NSGs, ASGs, Private Endpoints, Azure Firewall/App Gateway, WAF, DNS, VNet Peering, ExpressRoute

+ Storage: Blob, ADLS Gen2 (hierarchical namespace), Files, Queues; lifecycle policies, immutability, encryption (SSE/CMK)

• Identity, Security \& Governance

+ Identity: Azure AD/Entra ID, Service principals, Managed identity, Conditional access.

+ RBAC: Custom roles, PIM (Privileged Identity Management)

+ Secrets: Key Vault (keys, secrets, certs), rotation, soft delete \& purge protection

+ Governance: Azure Policy (deny/append), Blueprints, Landing zones, Tags, Management Groups

+ Compliance: Defender for Cloud, Secure Score, Compliance Manager

+ Networking Security: Private Links, restricted egress, SSL/TLS, mTLS (where applicable)

• CI/CD \& IaC on Azure

+ Azure DevOps: Repos, Pipelines (YAML), Environments, Gate approvals, Artifacts

+ GitHub: Actions, Environments, OIDC to Azure, branch protections, required reviews

+ IaC

+ Terraform: azurerm provider, modules, workspaces, remote state (Storage\+Key Vault), import, plan/apply, drift

+ Bicep: module decomposition, parameterization, targetScope, linter, what if

+ ARM: legacy understanding for maintenance projects

+ Image Build: Packer for Azure, hardened base images

* AKS

+ Cluster bootstrapping (AAD, managed identity)

+ Network plugins (CNI), ingress (NGINX/App Gateway), CSI drivers

+ Secrets (Key Vault Provider), pod security, network policies

+ Scaling (HPA, Cluster Autoscaler), node pools, spot nodes

+ GitOps (Flux/Argo), Helm, release strategies (blue/green, canary)

• Observability \& Reliability

+ Azure Monitor: Metrics, Logs, Alerts, Workbooks

+ Log Analytics: KQL queries, log retention, cost controls

+ Application Insights: distributed tracing, live metrics

+ Alerting \& On call: Action Groups, PagerDuty/MS Teams integration

+ SRE Practices: Error budgets, chaos experiments (Azure Chaos Studio), load testing (Azure Load Testing/JMeter)

• Cost Management

+ Budgets \& Alerts: Set budgets, anomaly detection

+ Tagging Strategy: owner, environment, cost\-center, compliance

+ Optimization: Right\-size VMs, Savings Plans/Reserved Instances, Spot VMs, auto\-scaling, storage lifecycle, ingestion cost control

• Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re\-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so

• *Required Qualifications:**

• Undergraduate degree or equivalent experience
• 5\+ years of experience with DevOps
• Tech Stack: Knowledge of Azure Public Cloud

• At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone\-of every race, gender, sexuality, age, location and income\-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes \- an enterprise priority reflected in our mission.*

\#GEN