Threat/Vulnerability Management, Lead

Company Overview:

Cohere Health is a fast-growing clinical intelligence company that’s improving lives at scale by promoting the best patient-specific care options, using leading edge AI combined with deep clinical expertise. In only four years our solutions have been adopted by health insurance plans covering over 15 million people, while our revenues and company size have quadrupled. That growth combined with capital raises totaling $106M positions us extremely well for continued success. Our awards include: 2023 and 2024 BuiltIn Best Place to Work, Top 5 LinkedIn™ Startup, TripleTree iAward, multiple KLAS Research Points of Light, along with recognition on Fierce Healthcare's Fierce 15 and CB Insights' Digital Health 150 lists.

Opportunity Overview:

We are seeking a seasoned Security Architect to lead and enhance our Threat and Vulnerability Management (TVM) program, ensuring it aligns with internal policies and HIPAA/HITRUST compliance requirements. The Security Architect will be responsible for designing and maintaining the overarching security architecture, conducting vulnerability assessments, and collaborating with various teams to address security issues. This role will involve working closely with developers, system administrators, and senior leadership to protect our digital assets and ensure a robust security posture.

Last but not least: People who succeed here are empathetic teammates who are candid, kind, caring, and embody our core values and principles. We believe that diverse, inclusive teams make the most impactful work. Cohere is deeply invested in ensuring that we have a supportive, growth-oriented environment that works for everyone.

What you will do:

• Threat and Vulnerability Management (TVM) Program:
• Lead a comprehensive TVM program, ensuring it meets internal standards and complies with HIPAA/HITRUST requirements.
• Conduct regular vulnerability scans using automated tools in a cloud-first environment, identifying vulnerabilities and assessing potential impacts.
• Vulnerability Analysis and Prioritization:
• Analyze vulnerability scan results, prioritize vulnerabilities based on risk, threat intelligence, and potential business impact.
• Gather and analyze threat intelligence to proactively identify and mitigate threats, providing actionable insights to the relevant teams.
• Collaboration and Remediation:
• Collaborate with development teams, system administrators, and other stakeholders to ensure timely remediation of identified vulnerabilities and threats.
• Lead remediation efforts, providing guidance and expertise to developers and system administrators.
• Review and collaborate with developers to remediate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) findings.
• Incident Response and Reporting:
…