Senior Vulnerability Manager
Listed on 2026-07-07
-
IT/Tech
Cybersecurity
Summary
At Plan Source, a leading cloud-based provider of benefits administration technology and services, we are on a mission to simplify how people choose, use, and manage benefits through cutting‑edge, AI‑powered experiences. This is an incredible time to launch your career with us!
Role OverviewPlan Source is seeking an experienced Senior Vulnerability Manager to lead and mature the enterprise‑wide vulnerability management program across infrastructure, cloud, applications, and CI/CD ecosystems. Reporting to the Director of Security Architecture, this role is responsible for operational execution, program maturity, and risk‑based remediation, while also contributing to secure architecture strategies and design governance.
This role operates at the intersection of program management and hands‑on execution, ensuring vulnerabilities are identified, prioritized, remediated, and prevented through secure design and engineering practices.
Core Responsibilities- Execute and continuously improve the risk‑based vulnerability management program, including procedures, SLAs, and exception processes.
- Drive program maturity, automation, and continuous improvement initiatives.
- Track and report SLA adherence, MTTR, backlog trends, and risk reduction metrics.
- Analyze vulnerability findings and manage remediation workflows based on risk prioritization.
- Prioritize vulnerabilities using CVSS, EPSS, KEV, threat intelligence, and business context.
- Coordinate remediation with responsible teams.
- Build and maintain dashboards for operational and executive reporting and deliver risk trends, root cause analysis, and remediation insights (e.g., Power BI).
- Analyze vulnerabilities across code, dependencies, scripts, and APIs.
- Design and manage SAST, DAST, SCA, and SBOM processes.
- Integrate vulnerability management into QA/UAT and development workflows.
- Enable shift‑left security via CI/CD integrations (e.g., Snyk, Veracode).
- Analyze platform and infrastructure vulnerabilities including cloud‑native risks.
- Administer, manage, and optimize agent‑based, network, and cloud‑integrated scanning across environments (e.g., Tenable Nessus, Rapid7).
- Maintain comprehensive asset inventory and coverage across endpoints, servers, containers, and cloud resources.
- Integrate vulnerability detection and remediation into CI/CD pipelines.
- Implement continuous monitoring and validation of pipeline security.
- Ensure code and artifact integrity along with secure software supply chain practices.
- Automate remediation wherever possible across pipelines and infrastructure.
- Participate in architecture and design documentation and reviews.
- Partner with Engineering and Dev Ops to ensure secure build, deploy, and supply chain pipelines.
- Maintain audit‑ready evidence supporting frameworks such as HIPAA, SOC 2 and ISO 27001.
- Support third‑party audits, penetration testing, and regulatory compliance efforts.
Required Qualifications
- 5+ years in information security with 2–3+ years focused on vulnerability management.
- Deep knowledge of secure coding, infrastructure as code, static/dynamic analysis tools (e.g., Snyk, Veracode, Tenable, Rapid7), container security (e.g., Docker, Kubernetes), and cloud platform security (e.g., Wiz, Orca).
- Strong understanding of secure coding and Dev Sec Ops practices.
- Experience in CI/CD integration and developer workflows.
- Strong cross‑functional collaboration and communication skills.
- Industry certifications (CISSP, CCSP, CISM, CSSLP, etc.).
- Experience in regulated environments (HIPAA, SOC 2, CCPA).
- Familiarity with penetration testing frameworks and tools.
- Knowledge of AI/LLM security considerations.
At Plan Source
, benefits are at the core of what we do, and we understand their impact on our employees and their families. That’s why we’ve designed our benefits program to support overall wellbeing across health, financial security, career growth, and work‑life balance.
- Comprehensive health coverage with multiple medical plan options - all covering…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).