IDEXX · 1 day ago
Associate Director, Global Vulnerability Management
Westbrook, ME
Full-time
Onsite
Senior Level, Lead/Staff, Director/Executive
$160K/yr - $190K/yr
7+ years expIDEXX is a leader in innovation across various industries, committed to enhancing the health and safety of animals and the environment. The Associate Director of Global Vulnerability Management will oversee the organization's vulnerability management strategy, ensuring the proactive identification and remediation of security vulnerabilities across various environments. This role involves leading a team, collaborating with cross-functional partners, and advising the CISO on strategic cybersecurity initiatives.
BiotechnologyHealth CareLivestockVeterinary
Responsibilities
Define and execute IDEXX’s global vulnerability management strategy, roadmap, and operating model aligned with NIST CSF, ISO 27001, and CIS Controls
Advise the CISO on vulnerability posture, enterprise risk trends, and risk-reduction strategy
Establish vulnerability lifecycle workflows from discovery through remediation validation, including escalation paths, exceptions, and governance
Develop vulnerability management policies, standards, and remediation SLAs
Define and track KPIs, KRIs, and program success metrics to measure effectiveness, velocity, and maturity
Lead, mentor, and grow a global team of vulnerability management professionals, security engineers, and analysts
Build sustainable organizational capabilities and a culture of continuous improvement and operational excellence
Manage staffing, performance, career development, and vendor/partner relationships to support program scale and effectiveness
Lead enterprise-wide vulnerability identification, assessment, prioritization, and remediation across infrastructure, applications, cloud (AWS, Azure, GCP), endpoints, containers, OT/IoT, manufacturing, and laboratory environments
Establish risk-based prioritization models incorporating exploitability, threat intelligence, asset criticality, and environmental context
Define scanning strategies and integrate vulnerability data from multiple sources including scanners, CSPM, penetration testing, and threat intelligence
Integrate vulnerability management with patching, configuration management, and secure SDLC processes
Own and mature vulnerability management platforms (e.g., Tenable, Qualys, Rapid7, Wiz, Snyk) to ensure accuracy, coverage, and scalability
Drive automation, cloud-native capabilities, CI/CD integration, and shift-left practices to improve remediation efficiency and developer enablement
Integrate vulnerability data into orchestration platforms, ticketing systems, and security dashboards
Partner with IT Operations, Cloud Infrastructure, Engineering, DevSecOps, and business technology leaders to embed remediation into enterprise workflows
Assess and improve remediation capacity through training, tooling enhancements, and automation
Incorporate threat intelligence and ensure alignment with governance, regulatory, and compliance requirements
Develop remediation playbooks, technical documentation, and provide hands-on guidance for complex remediation efforts
Develop and deliver operational, technical, and executive-level vulnerability reporting and dashboards
Communicate vulnerability posture, trends, and recommendations to the CISO, security leadership, and governance forums
Analyze vulnerability data to identify systemic issues, recurring patterns, and opportunities for proactive risk reduction
Qualification
Required
Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field—or equivalent professional experience
7+ years of cybersecurity experience, including 5+ years leading enterprise vulnerability management programs
Deep expertise deploying and operating vulnerability management platforms at scale (e.g., Tenable, Qualys, Rapid7, Wiz, Snyk)
Strong knowledge of cloud security and cloud-native vulnerability management across AWS, Azure, and GCP
Proven ability to build and mature vulnerability management programs, establishing processes, workflows, and operational cadence
Demonstrated success partnering with IT Operations, Infrastructure, and Engineering teams to drive remediation outcomes
Excellent communication skills with the ability to translate technical vulnerability data into business risk for executive and technical audiences
Preferred
Security certifications (e.g., CISSP, CISM, GIAC, CEH)
Experience in regulated or operationally complex environments (e.g., healthcare, biotech, medical devices, manufacturing, laboratories)
Hands-on experience with DevSecOps, container security, IaC scanning, and CI/CD automation
OT/IoT vulnerability management experience in manufacturing or laboratory environments
Background in patching, configuration management, or IT operations
Scripting or automation skills (e.g., Python, PowerShell, Bash)
Experience with vulnerability scoring, prioritization, and metrics (e.g., CVSS, EPSS, dashboards)
Benefits
Opportunity for annual cash bonus as well as yearly equity award
Health / Dental / Vision Benefits Day-One
5% matching 401k
Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more!
Company
IDEXX
10,000+ people, one global focus - enhancing the health and well-being of pets, people, and livestock We are passionate about what we do at IDEXX – and why wouldn’t we be? When you’re working to raise the standard of care for pets, make drinking water safe for billions and keep our livestock population around the globe healthy and free of disease, it’s no wonder that what we do each day is more than just a job.
10001+ employees
H1B Sponsorship
IDEXX has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (29)
2024 (18)
2023 (20)
2022 (28)
2021 (21)
2020 (17)
Funding
Current Stage
Public CompanyTotal Funding
unknown1991-06-21IPO
1984-01-01Seed
Leadership Team
Sharon Underberg
Executive Vice President, General Counsel and Corporate Secretary
Angie DeRusha
Director Global Marketing Strategy
Recent News
2026-01-03
Venrock
2025-12-05
Company data provided by crunchbase