Senior Vulnerability Manager

Join Us at PlanSource: Your Exciting Career Awaits!

At PlanSource, a leading cloud-based provider of benefits administration technology and services, we are on a mission to simplify how people choose, use, and manage benefits through cutting-edge, AI-powered experiences. This is an incredible time to launch your career with us!

Role Overview

PlanSource is seeking an experienced Senior Vulnerability Manager to lead and mature the enterprise-wide vulnerability management program across infrastructure, cloud, applications, and CI/CD ecosystems. Reporting to the Director of Security Architecture, this role is responsible for operational execution, program maturity, and risk-based remediation, while also contributing to secure architecture strategies and design governance.

This role operates at the intersection of program management and hands-on execution, ensuring vulnerabilities are identified, prioritized, remediated, and prevented through secure design and engineering practices.

Core Responsibilities

Vulnerability Management Program Administration and Execution

• Execute and continuously improve the risk-based vulnerability management program, including procedures, SLAs, and exception processes.
• Drive program maturity, automation, and continuous improvement initiatives.
• Track and report SLA adherence, MTTR, backlog trends, and risk reduction metrics.
• Analyze vulnerability findings and manage remediation workflows based on risk prioritization.
• Prioritize vulnerabilities using CVSS, EPSS, KEV, threat intelligence, and business context.
• Coordinate remediation with responsible teams.
• Build and maintain dashboards for operational and executive reporting and deliver risk trends, root cause analysis, and remediation insights (e.g., Power BI).

Application Security Vulnerability Management

• Analyze vulnerabilities across code, dependencies, scripts, and APIs.
• Design and manage SAST, DAST, SCA, and SBOM processes.
• Integrate vulnerability management into QA/UAT and development workflows.
• Enable shift-left security via CI/CD integrations (e.g., Snyk, Veracode).

Cloud & Infrastructure Vulnerability Management

• Analyze platform and infrastructure vulnerabilities including cloud-native risks.
• Administer, manage, and optimize agent-based, network, and cloud-integrated scanning across environments (e.g., Tenable Nessus, Rapid7).
• Maintain comprehensive asset inventory and coverage across endpoints, servers, containers, and cloud resources.

Build, Deploy, and Pipeline Security

• Integrate vulnerability detection and remediation into CI/CD pipelines.
• Implement continuous monitoring and validation of pipeline security.
• Ensure code and artifact integrity along with secure software supply chain practices.
• Automate remediation wherever possible across pipelines and infrastructure.

Cross Team Support and Enablement

• Participate in architecture and design documentation and reviews.
• Partner with Engineering and DevOps to ensure secure build, deploy, and supply chain pipelines.
• Maintain audit-ready evidence supporting frameworks such as HIPAA, SOC 2 and ISO 27001.
• Support third-party audits, penetration testing, and regulatory compliance efforts.

Required Qualifications

• 5+ years in information security with 2–3+ years focused on vulnerability management.
• Deep knowledge of secure coding, infrastructure as code, static/dynamic analysis tools (e.g., Snyk, Veracode, Tenable, Rapid7), container security (e.g., Docker, Kubernetes), and cloud platform security (e.g., Wiz, Orca).
• Strong understanding of secure coding and DevSecOps practices.
• Experience in CI/CD integration and developer workflows.
• Strong cross-functional collaboration and communication skills.

Preferred Qualifications

• Industry certifications (CISSP, CCSP, CISM, CSSLP, etc.).
• Experience in regulated environments (HIPAA, SOC 2, CCPA).
• Familiarity with penetration testing frameworks and tools.
• Knowledge of AI/LLM security considerations.

At PlanSource, benefits are at the core of what we do, and we understand their impact on our employees and their families. That’s why we’ve designed our benefits program to support overall wellbeing across health, financial security, career growth, and work‑life balance.

• Comprehensive health coverage with multiple medical plan options - all covering 100% of in-network preventive care. 
• Employer‑funded Health Savings Account (HSA) - up to $1,000 annually for family coverage. 
• Dental & Vision plans with 100% coverage for routine dental care and $250 vision frame allowance, plus employee-only vision premiums at $0.
• 401(k) with immediate vesting and a 50% company match up to 6% of contributions.
• Generous paid parental leave, adoption assistance, and fertility benefits.
• Flexible PTO, paid holidays, a strong culture of work‑life balance and Flex Fridays in the summer.
• Mental health & wellbeing support, including Employee Assistance Program (EAP), movement and wellness resources.
• Rewards and recognition programs that celebrate employees through peer recognition, awards, and quarterly recognition initiatives.

Top 5 Reasons to join PlanSource

#5: Be part of what’s next in benefits technology 

Join a company redefining how benefits work. Backed by Vista Equity Partners, PlanSource is continuously investing in innovation, bringing together AI, automation, and human insight to simplify complex processes and deliver real outcomes. This is your opportunity to build the future of benefits at scale.

#4: Make an impact with technology our customers trust 

Our platform powers some of the most complex benefits programs in the market, and our customers rely on us to get it right. From a unified benefits ecosystem to AI-driven decision support, everything we build is designed to deliver clarity, confidence, and measurable impact for the people who use it every day.

#3: Be recognized, supported, and set up to thrive

We believe great work deserves recognition and real support. From meaningful rewards and recognition programs to a comprehensive approach to employee support, we invest in helping our people perform at their best and feel valued along the way.

Recognized as a top workplace, PlanSource has earned multiple Great Place to Work certifications and numerous awards, including Best Company for Culture, Work-Life Balance, and Compensation, reinforcing our commitment to an exceptional employee experience.

#2: Grow your career with intention

At PlanSource, career growth doesn’t happen by accident. With a strong track record of internal mobility, structured development paths, and opportunities to take on new challenges, you’ll have the support and flexibility to build a career that evolves with you.

#1: Be part of a culture built on connection and impact

Our culture is rooted in connection, inclusion, and shared success. Guided by our S.O.U.R.C.E. values, we lead with service by putting others first, approach challenges with optimism, and act with urgency to drive meaningful outcomes. We hold ourselves accountable through reliability, continuously grow through curiosity, and operate with efficiency to maximize the impact of our work. Here, diverse perspectives are valued and they directly shape how we collaborate, innovate, and deliver an exceptional experience for our customers.

NOTE: We will consider a remote employee for approved cities PlanSource can accommodate.

If you’re selected, you’ll receive your offer and be asked to complete a background check. This will include a drug screen, criminal record search and verification of previous employment and/or education.

Recruiting Scams: Unfortunately, scams targeting job seekers are common. To protect our candidates, we want to remind you that authorized representatives of PlanSource will only contact you from an email address ending in @plansource.com.  PlanSource will never ask for personally identifiable information such as Date of Birth (DOB), Social Security Number (SSN), banking/direct/tax details, etc. via email or any other non-secure system, nor will we instruct you to make any purchases related to your employment. If you believe you’ve encountered a recruiting scam, report it to the Federal Trade Commission and your state’s Attorney General.

REF 4826