4 days ago

Vulnerability & Exposure Management Engineer

Datavant

Hybrid
Full Time
$170,000

Job Overview

Job Title: Vulnerability & Exposure Management Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $170,000
Location: Hybrid

Job Description

What We're Looking For

A security engineer to help build and operate an engineering-driven vulnerability and exposure management program, focused on turning vulnerability data into actionable signals embedded in modern engineering workflows. This role emphasizes automation, practical risk reduction, and hands-on execution across application, cloud, and infrastructure environments. It is not primarily a ticket-tracking or audit-administration role, but a technical role contributing to scalable solutions.

What You Will Do

  • Contribute to the design, implementation, and operation of Datavant’s vulnerability and exposure management capabilities, with a focus on reducing real exploit risk.
  • Build and enhance automation and workflows that ingest, normalize, and prioritize vulnerability signals across multiple sources.
  • Develop and improve engineer-facing dashboards and integrations that help teams understand and act on vulnerability risk.
  • Work with product and engineering teams to assess vulnerability findings, explain exploitability and impact, and support practical remediation or mitigation approaches.
  • Help embed vulnerability signals into existing engineering workflows (CI/CD, PRs, backlogs) to improve visibility and adoption.
  • Support validation of remediation efforts to ensure exposure is meaningfully reduced.
  • Assist in translating compliance and control requirements into scalable technical implementations.
  • Support FedRAMP and other assessments by validating technical evidence and remediation outcomes.
  • Execute technical projects that improve vulnerability visibility, prioritization, and risk reduction.
  • Contribute to improving processes, tooling, and automation within the vulnerability management program.

What You Need To Succeed

  • Solid technical experience in vulnerability management and application security, with hands-on exposure to assessing and prioritizing vulnerability findings.
  • Demonstrated ability to build or automate technical workflows using scripting or programming languages such as Python or Go.
  • Experience working with application, cloud, or container security in AWS and/or Azure environments.
  • Working knowledge of security controls and compliance frameworks (e.g., NIST, CIS, FedRAMP), with the ability to apply requirements in practical engineering contexts.
  • Ability to reason about exploitability, exposure, and impact beyond severity scores.
  • Experience collaborating with engineering teams to support remediation efforts.
  • Clear communication skills and ability to explain technical risk to varied audiences.
  • Ability to operate effectively in fast-paced environments with evolving priorities.
  • Foundational understanding of how vulnerability management fits within broader security and engineering functions.
  • Experience with commercial security tooling (e.g., SAST, SCA, cloud security platforms) and ability to interpret tool outputs critically.

What Helps You Stand Out

  • Experience building custom scripts, automations, or lightweight data pipelines to improve vulnerability visibility or prioritization.
  • Exposure to highly regulated environments (e.g., healthcare, FedRAMP Moderate/High) and participation in technical audit preparation.
  • Experience integrating vulnerability tooling into CI/CD pipelines or engineering workflows.
  • Familiarity with cloud security platforms (e.g., Wiz) or security data tooling (e.g., Snowflake, Sigma).
  • Experience using AI-assisted development tools (e.g., Claude Code) to accelerate security automation or analysis.

Key skills/competency

  • Vulnerability Management
  • Application Security
  • Cloud Security
  • AWS
  • Azure
  • Python
  • Go
  • NIST
  • CIS
  • FedRAMP
  • Automation

Tags:

Vulnerability & Exposure Management Engineer
Vulnerability Assessment
Exposure Management
Application Security
Cloud Security
Risk Reduction
Automation Development
Security Controls
Compliance (FedRAMP)
Remediation Support
Engineering Collaboration
Python
Go
AWS
Azure
SAST
SCA
CI/CD
Snowflake
Sigma
Wiz

How to Get Hired at Datavant

  • Research Datavant's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume: Highlight extensive experience in vulnerability management, cloud security, and automation with Python/Go.
  • Showcase technical projects: Provide examples of building custom security scripts, automation, or data pipelines.
  • Prepare for security deep-dives: For Datavant, be ready to discuss exploitability, impact, and remediation strategies beyond severity scores.
  • Demonstrate compliance knowledge: Understand NIST, CIS, and FedRAMP frameworks, especially in regulated healthcare environments.
