Senior Security Engineer – Vulnerability Management

We’re a physician-led, patient-centric network committed to simplifying health care and bringing a more connected kind of care.

Our primary, multispecialty, and urgent care providers serve millions of patients in traditional practices, patients' homes and virtually through VillageMD and our operating companies Village Medical, Village Medical at Home, Summit Health, CityMD, and Starling Physicians.

When you join our team, you become part of a compassionate community of people who work hard every day to make health care better for all. We are innovating value-based care and leveraging integrated applications, population insights and staffing expertise to ensure all patients have access to high-quality, connected care services that provide better outcomes at a reduced total cost of care.

Please Note: We will only contact candidates regarding your applications from one of the following domains: @summithealth.com, @citymd.net, @villagemd.com, @villagemedical.com, @westmedgroup.com, @starlingphysicians.com, or @bmctotalcare.com.

The Senior Security Engineer – Vulnerability Management at VillageMD will play a key role in developing, executing, and improving the Vulnerability Management program by working closely with IT, security, and cloud teams to strengthen the organization’s security posture.

The ideal candidate has deep technical expertise in vulnerability management, security risk assessment, and remediation strategies. This role requires strong problem-solving abilities, hands-on experience with vulnerability scanning tools, and the ability to drive effective remediation efforts through cross-functional collaboration.

Key Responsibilities

• Responsible for the overall development, design, implementation and operational management of the corporate Vulnerability Management program.
• Plan, develop, and execute vulnerability scans of corporate information systems.
• Generate robust reporting on assessment findings and summarizes to facilitate remediation tasks.
• Partner with information technology and cyber security teams to deliver shared outcomes that measurably improve our ability to detect and respond to vulnerabilities and threats.
• Work closely with IT staff to deliver findings, recommendations and clear remediation steps for all activities.
• Identify and resolve false positive findings in assessment results.
• Share lessons learned and opportunities for hardening systems and applications to management.
• Facilitate the patching process to ensure that vulnerable systems are patched in a timely manner and track systems that are not patched to understand a clear strategic plan forward for remediation.
• Provide metrics on patching performance each patching cycle, preferably in real time.
• Cross-train other security engineers and IT teams, sharing expertise in vulnerability management, risk assessment, and remediation best practices to build a more resilient security posture.

Skills for Success

• …