Senior Security Engineer – Vulnerability Management
Remote - Florida, United States
Full Time Senior-level / Expert USD 150K - 160K
VillageMD
We’re a physician-led, patient-centric network committed to simplifying health care and bringing a more connected kind of care.
Our primary, multispecialty, and urgent care providers serve millions of patients in traditional practices, patients' homes and virtually through VillageMD and our operating companies Village Medical, Village Medical at Home, Summit Health, CityMD, and Starling Physicians.
When you join our team, you become part of a compassionate community of people who work hard every day to make health care better for all. We are innovating value-based care and leveraging integrated applications, population insights and staffing expertise to ensure all patients have access to high-quality, connected care services that provide better outcomes at a reduced total cost of care.
Please Note: We will only contact candidates regarding your applications from one of the following domains: @summithealth.com, @citymd.net, @villagemd.com, @villagemedical.com, @westmedgroup.com, @starlingphysicians.com, or @bmctotalcare.com.
Job Description
The Senior Security Engineer – Vulnerability Management at VillageMD will play a key role in developing, executing, and improving the Vulnerability Management program by working closely with IT, security, and cloud teams to strengthen the organization’s security posture.
The ideal candidate has deep technical expertise in vulnerability management, security risk assessment, and remediation strategies. This role requires strong problem-solving abilities, hands-on experience with vulnerability scanning tools, and the ability to drive effective remediation efforts through cross-functional collaboration.
Key Responsibilities
- Responsible for the overall development, design, implementation and operational management of the corporate Vulnerability Management program.
- Plan, develop, and execute vulnerability scans of corporate information systems.
- Generate robust reporting and summaries of assessment findings to facilitate remediation tasks.
- Partner with information technology and cyber security teams to deliver shared outcomes that measurably improve our ability to detect and respond to vulnerabilities and threats.
- Work closely with IT staff to deliver findings, recommendations and clear remediation steps for all activities.
- Identify and resolve false positive findings in assessment results.
- Share lessons learned and opportunities for hardening systems and applications to management.
- Facilitate the patching process to ensure that vulnerable systems are patched in a timely manner, and track systems that are not patched so that there is a clear strategic plan forward for remediation.
- Provide metrics on patching performance each patching cycle, preferably in real time.
- Cross-train other security engineers and IT teams, sharing expertise in vulnerability management, risk assessment, and remediation best practices to build a more resilient security posture.
Skills for Success
- Strong ability to analyze and mitigate vulnerability risks, applying best practices in cybersecurity operations and risk management.
- Excellent communication and collaboration skills, capable of working with cross-functional teams and translating security risks into actionable insights.
- Results-oriented mindset with a track record of driving vulnerability risk reduction through structured programs.
- Self-motivated and proactive, able to manage tasks and projects with minimal supervision.
- Ability to thrive in fast-paced, dynamic environments, effectively prioritizing and adapting to evolving security challenges.
- Strong problem-solving and analytical skills, with experience handling large data sets to identify, assess, and prioritize security risks.
- Highly organized and detail-oriented, able to consolidate complex security information into clear, actionable summaries.
- Ability to work under pressure, responding effectively to security incidents and evolving threats.
Qualifications
- 7+ years of experience in technology roles, with a focus on vulnerability management, information security, and technical security engineering.
- Proven experience developing and managing vulnerability management programs, from vulnerability discovery through remediation and validation.
- Expertise in vulnerability scanning platforms, such as Rapid7 InsightVM, Tenable Nessus, and Qualys.
- Strong familiarity with patching and system configuration management tools, including SCCM, BigFix, and Ivanti.
- Experience with system administration, IT infrastructure, and network security operations.
- Hands-on experience with enterprise security platforms, including endpoint security and vulnerability management tools.
- Knowledge of security governance and compliance frameworks, such as PCI DSS, ISO 27001, NIST 800-53, HIPAA, and HITRUST.
- Understanding of system hardening benchmarks and secure configurations, including DISA STIGs and CIS Benchmarks.
Preferred Qualifications
- Industry certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Security Essentials certifications, Global Information Assurance Certification, forensics certifications).
This is an exempt position. The base compensation range for this role is $150,000 to $160,000. At VillageMD, compensation is based on several factors including but not limited to education, work experience, certifications, location, etc. The selected candidate will be eligible for a valuable company benefits plan, including health insurance, dental insurance, life insurance, and access to a 401k plan.
About Our Commitment
Total Rewards at VillageMD
Our team members are essential to our mission to reshape healthcare through the power of connection. VillageMD highly values the critical role that health and wellness play in the lives of our team members and their families. Participation in VillageMD’s benefit platform includes Medical, Dental, Life, Disability, Vision, FSA coverages and a 401k savings plan.
Equal Opportunity Employer
Our Company provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to, and does not discriminate on the basis of, race, color, religion, creed, gender/sex, sexual orientation, gender identity and expression (including transgender status), national origin, ancestry, citizenship status, age, disability, genetic information, marital status, pregnancy, military status, veteran status, or any other characteristic protected by applicable federal, state, and local laws.
Safety Disclaimer
Our Company cares about the safety of our employees and applicants. Our Company does not use chat rooms for job searches or communications. Our Company will never request personal information via informal chat platforms or unsecure email. Our Company will never ask for money or an exchange of money, banking or other personal information prior to the in-person interview. Be aware of potential scams while job seeking. Interviews are conducted at select Our Company locations during regular business hours only. For information on job scams, visit https://www.consumer.ftc.gov/JobScams or file a complaint at https://www.ftccomplaintassistant.gov/.