Sr Vulnerability Engineer

Sr Vulnerability Engineer

Datavant is a data platform company and the world's leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format. Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world's leading life sciences companies, government agencies, and those who deliver and pay for care. By joining Datavant today, you're stepping onto a high-performing, values-driven team. Together, we're rising to the challenge of tackling some of healthcare's most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare.

What We're Looking For

As a Sr Vulnerability Engineer, you will be responsible for identifying, assessing, analyzing, prioritizing, and coordinating security vulnerabilities across Datavant's IT infrastructure, business applications, and cloud environments. The candidate will have a strong technical background in cybersecurity, vulnerability scanning tools in application, infrastructure space, and risk assessment methodologies.

What You Will Do

Focus primarily on vulnerability assessment, scanning, prioritization in Datavant's infrastructure and applications including those within the FedRAMP boundary, ensuring follow up on vulnerability remediation efforts managing risk effectively for the organization.

Engage heavily with product and development teams to assess all vulnerability risks and communicate to both technical and non-technical team members the risk level, impact, and options for remediation and/or mitigation of risk.

Maintain and work on security scanning solutions in SAST/SCA/Container Security/Cloud/Infrastructure scanning space.

Build and automate self service dashboards in the vulnerability management space.

Own building a unified solution for vulnerability management to reduce exploit risk and deliver audit grade visibility.

Drive and track vulnerability remediation.

Prepare for and support annual FedRAMP 3PAO assessments by validating control evidence, resolving findings, and reviewing audit artifacts.

Partner with GRC, Platform, Product, and Engineering teams to translate compliance requirements into actionable technical tasks.

Help facilitate quarterly planning discussions by providing strategic prioritization on vulnerability remediation, compliance control implementation, etc.

Translate compliance control intent into modern engineering workflows. Rather than applying controls literally, decompose their requirements into their core assurance goals, then rebuild them as scalable, low-friction implementations that achieve the same assurance (or better) through automation, auditable development workflows, and practical risk management.

Review application projects our development teams build. You'll be very comfortable providing control feedback in a review environment to development teams. You'll be adept at using your knowledge to the application of practical risk management.

Own new projects for advancing security in our environment. Be the deep technical expert and collaborate with others on the teams to ensure project success. Your impact here cannot be understated, you are a core contributor and have deep influence to empower Datavant greatness.

What You Need to Succeed

Strong technical expertise in security space.

6+ years of working in vulnerability research, scanning, prioritization.

6+ years of working with compliance standards like NIST, CIS, FedRAMP.

Have a deep understanding of Application, Cloud and Container security. Hands on vulnerability assessment, research experience in a multicloud environment is preferred.

Have a strong understanding of security controls, both those that exist in audit standards as well as practical controls that can help reduce risk and increase safety in application development environments and AWS and/or Azure.

Proven ability to automate/build solutions.

Strong communication skills.

You understand how the broad parts of a security team function and operate in unison.

You can articulate start to finish what role security should play in ideation and build with development teams.

Experience with Wiz.

You have opinions and options on most of the steps.

You are a consummate collaborator, it's inherent in your work behavior.

You are heavily focused on delivery and being impactful; Understand how to operate and succeed in a very fast-paced environment where the security team should be a partner and enabler for the engineering team rather than a blocker.

We lean deeply into individuals who have experience and have practical knowledge of applying standards in low friction ways.

Broad scoped projects don't scare you, they energize you. However, you like to get things done fast (and help others) with limited dependencies.

What Helps You Stand Out

Ability to provide technical thought leadership in the vulnerability management space.

Strong understanding of risk.

Prior hands-on experience building automated solutions specifically in the Vulnerability management space.

You are often viewed as the "expert in the room" for vulnerability management space.

Prior experience building and architecting secure solutions.

Ability to mentor junior engineers.

Ability to influence and lead without authority.

Experience with Sigma and Snowflake.

You have experience with security in healthcare or other highly regulated space. Examples: HIPAA, HITRUST, SOC 2, and PCI experience from an operational response standpoint.

Deep experiencing representing companies to government agencies for FedRAMP High and Moderate environments.

We are committed to building a diverse team of Datavanters who are all responsible for stewarding a high-performance culture in which all Datavanters belong and thrive. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

At Datavant our total rewards strategy powers a high-growth, high-performance, health technology company that rewards our employees for transforming health care through creating industry-defining data logistics products and services. The range posted is for a given job title, which can include multiple levels. Individual rates for the same job title may differ based on their level, responsibilities, skills, and experience for a specific job. The estimated total cash compensation range for this role is: $184,000—$230,000 USD.

To ensure the safety of patients and staff, many of our clients require post-offer health screenings and proof and/or completion of various vaccinations such as the flu shot, Tdap, COVID-19, etc. Any requests to be exempted from these requirements will be reviewed by Datavant Human Resources and determined on a case-by-case basis. Depending on the state in which you will be working, exemptions may be available on the basis of disability, medical contraindications to the vaccine or any of its components, pregnancy or pregnancy-related medical conditions, and/or religion.

This job is not eligible for employment sponsorship. Datavant is committed to a work environment free from job discrimination. We are proud to be an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status. To learn more about our commitment, please review our EEO Commitment Statement here.

Know Your Rights, explore the resources available through the EEOC for more information regarding your legal rights and protections.

Datavant is committed to working with and providing reasonable accommodations to individuals with physical and mental disabilities. If you need an accommodation while seeking employment, please request it here, by selecting the 'Interview Accommodation Request' category. You will need your requisition ID when submitting your request, you can find instructions for locating it here.

For more information about how we collect and use your data, please review our Privacy Policy.