Sr Manager, Vulnerability & Exposure Management

Datavant | New York City, NY
14h | $224,000 - $280,000

About The Position

Datavant is a data platform company and the world’s leader in health data exchange. Our vision is that every healthcare decision is powered by the right data, at the right time, in the right format. Our platform is powered by the largest, most diverse health data network in the U.S., enabling data to be secure, accessible and usable to inform better health decisions. Datavant is trusted by the world’s leading life sciences companies, government agencies, and those who deliver and pay for care.

By joining Datavant today, you’re stepping onto a high-performing, values-driven team. Together, we’re rising to the challenge of tackling some of healthcare’s most complex problems with technology-forward solutions. Datavanters bring a diversity of professional, educational and life experiences to realize our bold vision for healthcare.

What We’re Looking For

As the Sr Manager of Vulnerability & Exposure Management, you will lead and grow a highly technical team responsible for the vulnerability and attack surface exposure reduction of Datavant’s applications and infrastructure. You’ll play a pivotal role in defining the strategy and framework for the management of risk in a shared responsibility model, guiding a team of skilled engineers, and partnering with cross-functional leaders to drive down vulnerabilities and weaknesses.

Requirements

  • Proven experience leading a vulnerability management program, with a strong ability to build, mentor, and inspire technical talent.
  • Well-formed opinions on what makes a successful vulnerability and exposure management program.
  • Understanding and background in standing up vulnerability aggregation and/or ASPM platforms.
  • Strong experience with vulnerability identification sources including application penetration testing, application code scanning (SCA, SAST), cloud and container analysis (CNAPP).
  • Depth of knowledge working with Wiz.
  • Experience with attack surface management tools.
  • An engineering background with practical knowledge of how to automate and integrate systems through custom software development, building pipelines, and LCNC orchestration.
  • Excellent collaboration and communication skills, capable of influencing stakeholders across technical and non-technical teams.
  • Minimum of 5 years of experience in vulnerability management, including at least 3 years of leadership experience.
  • Experience in highly regulated industries such as healthcare, with knowledge of frameworks like HIPAA, HITRUST, and SOC 2 (preferred).

Nice To Haves

  • A background in software engineering and automation.
  • Ability to directly contribute to engineering efforts for the program in a hands-on-keyboard fashion.
  • Experience with AI-assisted software development such as Claude Code.
  • Recent work in a FedRAMP environment.

Responsibilities

  • Use your deep understanding of vulnerability management to help refine the shared responsibility vulnerability and exposure management framework for Datavant.
  • Consolidate the infrastructure and application security detection functions under a single banner.
  • Simplify and, where possible, automate the onboarding and integration to our scanning technologies beyond out-of-the-box vendor connections.
  • Provide direct technical engineering guidance and coaching, including code review, to your team.
  • Own creating the reporting and presentation for our exposure posture across all detection sources, with metrics rolled up and broken down across multiple facets to drive risk reduction.
  • Smoothly mesh vulnerability management practices into our secure SDLC.
  • Identify and implement a solution to give Datavant a prioritized, single pane of glass view of all vulnerabilities and misconfigurations.
  • Work directly with security senior leadership to ensure maturity, depth, and coverage of our exposure management program.
  • Speak on vulnerability management to government agencies on behalf of Datavant for our FedRAMP compliance.
  • Have an understanding of risks, but may have some knowledge gaps in depth of risk management. It’s OK, we’ll teach you. The core skill set you bring to the table is an engineering mindset.
  • Own new projects for advancing security in our environment.
  • Be the deep technical expert and collaborate with others on the teams to ensure project success.