Vulnerability Management Engineer III
Remote - United States
Full Time Senior-level / Expert USD 110K - 137K
- Remote-first
Datavant
Join Datavant’s network of networks, including 300+ real-world data partners, more than 70,000 hospitals and clinics, and 70% of the top 100 largest health systems. Datavant is a data platform company and the world’s leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format.
Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world’s leading life sciences companies, government agencies, and those who deliver and pay for care.
By joining Datavant today, you’re stepping onto a high-performing, values-driven team. Together, we’re rising to the challenge of tackling some of healthcare’s most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare.
What We’re Looking For
The Vulnerability Management Engineer III plays a crucial role in safeguarding our organization's technology assets by actively participating in the implementation and operations of our Vulnerability Management program. This program aims to identify, assess, prioritize, and communicate to asset and product remediation owners the vulnerabilities in both their production and enterprise assets, supporting a robust security posture for the organization.
The ideal candidate will possess a combination of technical expertise, a deep comprehension of vulnerability management best practices and a desire to work smart and hard.
What You Will Do
- Assist in maintaining a comprehensive vulnerability management program aligned with industry standards and best practices.
- Adhere to established policy, guidelines and procedures.
- Collaborate with IT/Enterprise, Security/Compliance, Engineering/Production and Leadership teams to support vulnerabilities being addressed in accordance with company policy and/or applicable frameworks.
- Aggregate vulnerability assessment results from partner teams, utilizing automated tools and manual reviews to identify potential weaknesses in systems, networks, and applications.
- Prioritize vulnerabilities based on severity, risk level, real threat indicators and potential impact on the organization's operations and reputation.
- Provide IT Asset and Product remediation owners with vulnerability remediation and/or mitigating workaround options for identified vulnerabilities and collaborate with such asset owning teams to support their timely resolution efforts.
- Monitor and track the progress of vulnerability remediation efforts, providing regular reports on the overall effectiveness of the program.
- Stay abreast of emerging threats, vulnerabilities, and mitigation techniques through ongoing research, threat feeds and professional development.
- Support and maintain a culture of general vulnerability risk awareness within the organization and aid in the proactive development of the company’s vulnerability management initiatives.
What You Need to Succeed
- Bachelor's degree in computer science, information technology, or a related field.
- Four or more years of hands-on experience in vulnerability management in either production or enterprise asset environments.
- Excellent verbal and written communication and interpersonal skills to engage effectively with stakeholders at all levels of the organization.
- Strong analytical and problem-solving abilities to identify and resolve complex vulnerability issues.
- Familiarity with industry-standard vulnerability management tools and technologies, including vulnerability scanners, threat intelligence platforms, and patch management systems.
- Understanding of relevant industry standards and regulations, such as PCI DSS, ISO 27001, CIS, NIST Cybersecurity Framework, HITRUST, FedRAMP and the HIPAA Security Rule.
- Maintain a coachable and team-player attitude with a desire to collaborate for the purpose of continuous improvement of the vulnerability management program’s posture.
What Helps You Stand Out
- Experience with security risk assessment and management, including threat modeling and risk analysis.
- Familiarity with incident response and disaster recovery procedures.
- Familiarity with AppSec, LLM, and ML security best practices.
- Experience analyzing and applying baseline hardening configurations (e.g., CIS benchmarks).
- General working knowledge and understanding of web-based Git repositories (e.g., GitHub, GitLab, etc.).
- Knowledge of cloud security and DevSecOps practices, including secure software development methodologies, container security, and cloud security controls.
- Certifications related to vulnerability management or information security, such as Security+, CySA+, PenTest+, GEVA, CVA, CEH, and/or OSCP.
- Preferred experience with on-prem, hybrid, or cloud infrastructure (AWS/Azure), CrowdStrike, Qualys, Tenable, SonarQube, Wiz, GHAS, Nucleus Security, Burp Suite, etc.
We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.
At Datavant our total rewards strategy powers a high-growth, high-performance, health technology company that rewards our employees for transforming health care through creating industry-defining data logistics products and services.
The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job.
To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion.
This job is not eligible for employment sponsorship.
Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here. Know Your Rights, explore the resources available through the EEOC for more information regarding your legal rights and protections. In addition, Datavant does not and will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay.
At the end of this application, you will find a set of voluntary demographic questions. If you choose to respond, your answers will be anonymous and will help us identify areas for improvement in our recruitment process. (We can only see aggregate responses, not individual ones. In fact, we aren’t even able to see whether you’ve responded.) Responding is entirely optional and will not affect your application or hiring process in any way.
Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please contact us at peopleteam@datavant.com. We will review your request for reasonable accommodation on a case-by-case basis.
For more information about how we collect and use your data, please review our Privacy Policy.
Tags: Application security AWS Azure Burp Suite CEH Cloud Compliance Computer Science CrowdStrike DevSecOps FedRAMP GitHub GitLab HIPAA HITRUST Incident response ISO 27001 LLMs NIST OSCP PCI DSS Privacy Qualys Risk analysis Risk assessment Strategy Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: Startup environment