Expert (Staff) Vulnerability Management Engineer

This position does not offer work visa sponsorship

We are seeking an Expert (Staff) Vulnerability Management Engineer to join our Enterprise Vulnerability Management team. This role is responsible for planning, developing, and implementing enterprise-scale vulnerability management solutions to meet current and emerging security needs. You will proactively identify and resolve complex information security challenges, while designing, implementing, and maintaining a world-class vulnerability management program. Key focus areas include strategic planning, capability assessment, process development and refinement, technology capability analysis, and the implementation and continuous improvement of process support tools.

Responsibilities:

Vulnerability Management Strategic Planning, Design & Implementation:

• Performs vulnerability management capability assessments, process development and refinement activities, technology capability assessments, and solution design and implementation projects that ensure the security of the enterprise environment.
• Leads strategic planning activities informed by capability assessments which holistically address current and future maturity states of vulnerability management capabilities. Builds strong narratives to drive decision-making and educates leadership stakeholders on proposed plans.
• Serves as a security expert in vulnerability management solutioning, including vulnerability identification, assessment, and validation for CI/CD pipelines, cloud environments, and infrastructure.
• Engages with enterprise architects, security specialists, technology engineers, and other functional area specialists to ensure that enterprise technologies and security solutions are correctly configured and deployed to sufficiently mitigate identified risks and meet requirements for the enterprise, customers, partners, and vendors.
• Exercises thought leadership in the creation and maintenance of vulnerability management capabilities, processes, procedures, technologies, and technical capability requirements.

• Creates and maintains a view of IT assets, related attack surfaces, and emerging vulnerabilities to illustrate the flow of data and associated security threats.
• Manages the entire lifecycle of vulnerabilities from discovery, triage, advising, remediation, and validation.
• Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
• Serves as an expert in platform, application, storage, network, virtualization, cloud, and mobile security best practices.
• Develops leadership-level communications, including board of director and executive metrics, business cases, standards, policies, procedures, architecture design documents, etc.

• 7+ years of professional experience in Cybersecurity Management with a Bachelor's degree in Computer Science, Information Security, or a related field; an equivalent combination of education and experience will also be considered.
• 8+ years of combined hands-on IT and security architecture development and implementation work experience with a broad exposure to infrastructure/network and multi-platform environments.
• 2+ years of hands-on experience assessing vulnerabilities and using contextual risk to prioritize remediation efforts.
• 2+ years of experience in responding to zero-day and high-profile vulnerabilities.
• 2+ years of experience in cybersecurity solution engineering or security service delivery.
• 2+ years of leadership experience with planning and managing security implementations and/or leading a team of technical resources. This role will require the management of several (2 to 4) concurrent large-scale enterprise-wide information technology capability development projects.
• Industry certifications such as CISSP, GSEC, OSCP, or comparable security-related credentials are strongly preferred.

• A strong, complete, and working understanding of Microsoft Azure cloud and foundational cloud concepts.
• A robust understanding of contemporary security theory and application (including the vulnerability lifecycle and scanning methodologies (SAST, DAST, IAST, RASP) exploitation techniques and attack vectors).
• A strong understanding of the systems development lifecycle to lead multifunctional projects or initiatives.
• A robust understanding of vulnerability scoring systems (CVSS), security benchmarks (CIS, NIST), and risk quantification techniques.
• Excellent written and verbal communication skills (including technical writing).
• Excellent communication and presentation skills, with the ability to convey technical concepts to diverse audiences and a strong emphasis on listening and understanding stakeholder needs.
• Ability to develop executive communications and interact with senior leadership.
• Strong ability to build trust, partnerships, and mutual support across many diverse teams.
• Strong strategic planning, maturity assessment, analytical and problem-solving skills; ability to examine issues both strategically and analytically.
• Adaptive and demonstrated ability to learn quickly.
• Ability to interact well with co-workers and outside contacts.
• Ability to work collaboratively in a team environment.
• Ability to work on multiple, simultaneous initiatives and prioritize workload to meet commitments.
• Self-motivated with a strong sense of urgency.
• History of and commitment to ethical behavior.

• A strong, complete, and working understanding of key programming languages and frameworks (e.g., Java, Python, JSP, PHP, Node.js, etc.).
• A strong understanding of cyber threat intelligence competencies (cyber kill chain, diamond model, TTPs).
• Foundational knowledge of data analytics and visualization tools (e.g., Splunk, Tableau).
• Knowledge of laws, regulations, and standards relevant to the US Healthcare industry.
• Experience or deep understanding of identifying and mitigating vulnerabilities, as well as implementing solutions to detect and remediate issues within AI tools and Large Language Models (LLMs)

• Competitive base and incentive pay
• 401(k) with robust matching and non-matching contributions
• Rich medical & pharmacy benefits
• 100% employer-paid dental and vision benefits
• Holistic wellbeing program with deep financial incentives
• Generous paid time off plus 12 paid holidays and your birthday off
• Culture of growth and learning: career development; tuition reimbursement; recognition program
• Family support: adoption assistance, fertility treatment, child, elder & pet care assistance
• Social responsibility and volunteer opportunities
• Employee discount program