Datavant is the data collaboration platform trusted for healthcare, focused on making health data secure and actionable. The Sr Vulnerability & Exposure Management Engineer will design and operate a vulnerability management program, emphasizing automation and risk reduction across various environments.
Responsibilities:
- Design, build, and operate an engineering-first vulnerability management capability for Datavant’s applications and infrastructure, with a primary focus on reducing real exploit risk
- Build and maintain automation and data pipelines that ingest, normalize, correlate, and prioritize vulnerability signals across multiple sources, treating vendor tools as inputs rather than systems of record
- Develop self-service, engineer-facing dashboards and workflows that provide clear prioritization and actionable insight, rather than compliance-only reporting
- Partner closely with product and engineering teams to assess vulnerability risk in context, communicate exploitability and impact clearly, and recommend practical remediation or mitigation options
- Embed high-confidence vulnerability signals into existing engineering workflows (CI/CD, PRs, backlogs) to drive adoption with minimal friction
- Drive vulnerability risk reduction by validating that remediation or compensating controls meaningfully reduce exposure, rather than tracking ticket closure alone
- Translate compliance control intent into scalable, low-friction engineering implementations that produce audit-ready evidence through automation
- Serve as a technical subject matter expert during FedRAMP and other assessments by validating controls, remediation effectiveness, and technical evidence, without owning manual audit administration
- Lead and execute technical projects that advance Datavant’s vulnerability management and application security capabilities
- Act as a senior technical leader and influencer, shaping program direction through sound engineering judgment, hands-on execution, and cross-functional collaboration
Requirements:
- Deep technical expertise in vulnerability management and application security, with hands-on experience assessing, prioritizing, and reducing vulnerability risk in modern software environments
- Strong engineering background with demonstrated ability to design, build, and automate solutions (e.g., data pipelines, integrations, workflows, dashboards) rather than relying on manual or tool-driven processes
- Practical experience working across application, cloud, and container security in AWS and/or Azure, including real-world vulnerability assessment in complex or multi-cloud environments
- Solid understanding of security controls and assurance goals, with the ability to translate standards such as NIST, CIS, and FedRAMP into low-friction, scalable engineering implementations
- Ability to reason clearly about exploitability, exposure, impact, and compensating controls, and to apply that reasoning to prioritize work that meaningfully reduces risk
- Experience partnering closely with product and engineering teams throughout the software lifecycle, from design and build through deployment and operation
- Strong communication skills, with the ability to explain security risk, tradeoffs, and remediation options to both technical and non-technical stakeholders
- Demonstrated ability to operate effectively in fast-paced environments, delivering impact quickly while navigating ambiguity and limited dependencies
- Broad understanding of how security functions (product security, platform security, GRC, operations) work together, and how vulnerability management fits into the larger system
- Proficiency in Python or Go (Golang) strongly preferred
- Familiarity with commercial cloud security platforms (e.g., Wiz) is a plus, but the ability to reason beyond tool outputs and build custom solutions is essential
- Demonstrated technical thought leadership in vulnerability management, with a track record of shaping how risk is modeled, prioritized, and reduced in modern engineering environments
- Prior hands-on experience architecting and building automated vulnerability management or security data platforms, not just operating commercial tools
- Experience applying security and compliance requirements in highly regulated environments (e.g., healthcare, FedRAMP High/Moderate), including representing technical programs to auditors or government stakeholders
- Experience coding and prototyping with modern developer tooling, including AI-assisted development workflows such as Claude Code, to accelerate delivery and reduce operational toil