Cohere Health is hiring a
Threat/Vulnerability Management Lead

Summary

The job is for a Security Architect at Cohere Health. The role involves leading the Threat and Vulnerability Management (TVM) program, conducting vulnerability assessments, collaborating with various teams to address security issues, and ensuring compliance with HIPAA/HITRUST requirements.

Responsibilities

• Lead a comprehensive TVM program, ensuring it meets internal standards and complies with HIPAA/HITRUST requirements
• Conduct regular vulnerability scans using automated tools in a cloud-first environment, identifying vulnerabilities and assessing potential impacts
• Analyze vulnerability scan results, prioritize vulnerabilities based on risk, threat intelligence, and potential business impact
• Gather and analyze threat intelligence to proactively identify and mitigate threats, providing actionable insights to the relevant teams
• Collaborate with development teams, system administrators, and other stakeholders to ensure timely remediation of identified vulnerabilities and threats
• Lead remediation efforts, providing guidance and expertise to developers and system administrators
• Review and collaborate with developers to remediate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) findings
• Participate in incident response efforts related to vulnerabilities, assisting in the investigation and mitigation of security incidents
• Assist in the creation and maintenance of vulnerability management reports and metrics, providing clear and concise updates to stakeholders
• Report TVM program results and insights to Senior Leadership, highlighting key findings, risks, and progress on remediation efforts
• Design and maintain the overarching security architecture for the organization, ensuring it aligns with policies and compliance requirements, including HIPAA/HITRUST
• Develop and implement security Identity Access Management (IAM) and Privileged Access Management (PAM) solutions
• Conduct threat modeling and risk assessments to identify potential security threats and vulnerabilities
• Define security architecture requirements and implement security hardening measures to protect systems and data
• Deploy and manage security tools and technologies, ensuring they are effectively integrated into the organization's security infrastructure
• Stay abreast of the latest security technologies and best practices, recommending and implementing improvements as needed
• Participate in incident response and disaster recovery planning, ensuring the organization's readiness to respond to and recover from security incidents