Penetration Test Coordinator

Datavant is a rapidly growing health information technology company with a mission to connect the world’s health data to improve patient outcomes. Datavant works to reduce the friction of data sharing across the healthcare industry by building technology that protects the privacy of patients while supporting the linkage of patient health records across datasets.

By joining Datavant today, you’re stepping onto a highly collaborative, remote-first team that is passionate about creating transformative change in healthcare. We hire for three traits: we want people who are smart, nice, and get things done. We invest in our people and believe in hiring for high-potential and humble individuals who can rapidly grow their responsibilities as the company scales. Datavant is a distributed, remote-first team, and we empower Datavanters to shape their working environment in a way that suits their needs. 

You will:

• Own and manage internal and external-facing security programs, such as our penetration testing and bug bounty programs, from end to end (design to daily operations).
• Build relationships and engage with relevant stakeholders across the organization to gather requirements, collect feedback and measure the efficiency of our programs.
• Identify and actively explore opportunities for process and program improvements
• Develop and maintain documentation for security programs, policies, and procedures
• Collaborate with compliance teams to ensure alignment with regulatory requirements
• Manage vendor relationships related to security tools and services
• Help increase security maturity and engagement throughout the organization

What you will bring to the table: 

• You are humble
• 3+ years of experience running a penetration testing and/or bug bounty program
• Strong understanding of security principles, practices, methodologies and frameworks.
• An understanding of quality in security testing
• Excellent project management skills with the ability to manage multiple initiatives simultaneously.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
• Ability to translate complex technical concepts into easily understandable terms for non-technical stakeholders
• A strong bias towards action and delivery.

Bonus points if:

• You have experience with security in healthcare or other highly regulated space. Examples: HIPAA/HITRUST, SOC 2, PCI experience from an operational response standpoint.
• You possess relevant certifications such as CISSP, CISM, or PMP.
• You are familiar with cloud security practices and technologies (e.g., AWS, Azure, GCP).

We are committed to building a diverse team of Datavanters who are smart, nice, and get things done, where every Datavanter is empowered to bring their authentic self to their work. We are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

Our compensation philosophy is to be externally competitive, internally fair, and not win or lose on compensation. Salary ranges for this position are developed with the support of benchmarks (competitive San Francisco rates for US-based roles) and industry best practices. 

We’re building a high-growth, high-autonomy culture. We rely less on job titles and more on cultivating an environment where anyone can contribute, the best ideas win, and personal growth is driven by expanding impact. This means we default to simple job titles (e.g., Software Engineer) rather than complex ones (e.g., Senior Software Engineer). The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on  level, responsibilities, skills, and experience for a specific job. 

At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your responses will be anonymous and used to help us identify areas of improvement in our recruitment process. (We can only see aggregate responses, not individual responses. In fact, we aren’t even able to see if you’ve responded or not.) Responding is your choice and it will not be used in any way in our hiring process.