IT Security Technical Lead

IT Security Technical Lead - Vulnerability Management

Responsible for developing, leading, and continuously improving the enterprise-wide Vulnerability Management and Security Assessment program.

This role ensures that vulnerability management across systems, applications, and clouds are identified, assessed, prioritized, and remediated in alignment with business risk and compliance objectives.

The successful candidate will combine technical expertise, strategic oversight, and leadership skills to drive a measurable reduction in organizational risk while supporting Quest Diagnostics mission to protect data, systems, and customer.

• Lead the global Vulnerability Management program, including policy management, scanning, reporting, and remediation tracking.
• Design and maintain a comprehensive Vulnerability Management framework aligned with NIST, HIPAA, PCI, SOX, & etc.
• Lead rapid assessment and remediation efforts for Zero day vulnerabilities, including immediate impact analysis, exploitability review, and prioritization based on business risk.
• Server as Subject Matter Expert (SME) for Qualys, or similar scanning platforms - ensuring accurate detection, prioritization, and reporting of vulnerabilities.
• Partner and Infrastructure, Application, and Risk Teams to coordinate assessment and remediation activities across diverse environments.
• Define and monitor metrics and KPIs to evaluate program effectiveness and communicate progress to Senior leadership.
• Develop and maintain dashboard and reports highlighting trends, remediation SLA performance and residual risk posture
• Conduct ad-hoc vulnerability assessments and provide risk-based recommendations for remediation and mitigation
• Provide consultancy and guidance on Vulnerability risk, Security exception, and compensating controls to technical and business stakeholders.
• Support security compliance efforts by ensuring timely remediation of vulnerabilities tied to audit findings and regulatory frameworks (HIPAA, PCI, SOX).
• Develop and deliver training, workshops, and awareness sessions to improve understanding and accountability across teams.
• Continuously evaluate and implement process and automation improvement to enhance efficiency and reporting accuracy.
• Conduct network penetration testing for PCI environment using Core Impact (Fortra) or similar tools to validate security controls and achieve regulatory compliance.

Required

Work Experience:

• Bachelor's degree in computer science information security, or related discipline
• Minimum 7 years if experience in IT Security, including 3+ years leading a Vulnerability or Threat management program
• Proven experience with Qualys, Tenable, Wiz or equivalent vulnerability management tools.
• Hands on experience performing network penetration testing for PCI environments or equivalent
• Strong understanding of CVSS, CVE, & CWE
• Familiarity with remediation strategies across Windows, Linux Network, and Cloud environments
• Excellent Communication and stakeholder management skills with ability to convey risk to both technical and non-technical audiences.
• Certifications such as CISSP, CISM, CISA, GPEN, or Qualys VMDR specialist
• Experience in regulated industries (Healthcare, Financial or Life Sciences)
• Familiarity with Service Now, Archer, or similar GRC platforms for exception and risk tracking
• Experience leading and mentoring security engineers, specialists, or analysts.

Preferred

Work Experience:

• Develop and maintain custom scripts and API integrations to automate and streamline reporting and remediation workflows.
• Leverage Qualys CAR (Custom Assessment and Remediation) and optimize for efficient remediation and scanning.

Equal Opportunity

Employer:

Race/Color/Sex/Sexual Orientation/Gender Identity/Religion/National Origin/Disability/Vets or any other legally protected status.