Job Information
HEALTHEQUITY, INC. Director, Attack Surface and Infrastructure Vulnerability Ma in DRAPER, Utah
Director, Attack Surface and Infrastructure Vulnerability Management
Job Locations
US-Remote
Our Mission
Our mission is to SAVE AND IMPROVE LIVES BY EMPOWERING HEALTHCARE CONSUMERS. Come be part of remarkable.
Overview
How You Can Make a Difference
At HealthEquity, security protects something deeply personal. People trust us with their health, their finances, and their futures. In this role, you will help protect that trust at scale.
You will shape how the company understands, prioritizes, and reduces realworld risk across every product and platform we run. This is not a role focused on chasing vulnerabilities or managing tools. It is an opportunity to build a modern, intelligent, and outcomedriven security capability that leadership relies on and engineering partners value.
Your work will directly influence how we invest, how teams build, and how resilient our technology ecosystem becomes over time. If you want ownership, visibility, and the chance to leave a lasting mark on a growing organization, this role was designed for you.
What You'll Be Doing
Define and lead the longterm enterprise strategy for attack surface and infrastructure vulnerability management
Drive modernization of Product Security capabilities including automated risk scoring, AIenabled security, riskbased vulnerability management, and targeted offensive security
Own the full vulnerability lifecycle across cloud, infrastructure, endpoints, identities, and platforms
Build prioritization models that reflect real risk using exploitability, exposure, asset criticality, and business impact
Lead continuous discovery and reduction of internal and external attack surface across all production environments
Partner closely with Engineering, Product, Cloud Platform, IT, Security Operations, Risk, Compliance, and Legal to drive durable risk reduction
Establish and oversee targeted offensive security initiatives that validate realworld exploitability and influence architecture and investment decisions
Define ASVM tool strategy, integrations, automation, and trusted data pipelines across the security ecosystem
Translate complex technical risk into clear, executivelevel insights that inform business decisions
Build, lead, and develop a highperforming team with clear ownership, accountability, and growth paths
Define KPIs and deliver regular executive updates on risk posture, trends, and program effectiveness
What You Will Need to Be Successful
Experience and Expertise
10+ years of experience in cybersecurity, with strong depth in vulnerability management, attack surface management, or infrastructure security
Experience leading enterprisescale security programs with broad organizational impact
Strong understanding of cloud platforms, modern infrastructure, identity systems, and application security
Handson experience with riskbased vulnerability management and exposure prioritization beyond CVSS
Experience designing or overseeing offensive security efforts such as penetration testing or adversary simulation
Leadership and Influence
Proven people leader with experience hiring, coaching, and developing highperforming teams
Ability to influence senior leaders and align crossfunctional partners without relying on authority alone
Comfort making strategic tradeoffs and owning outcomes that matter at an executive level
Ways of Working
Outcomefocused mindset with a bias toward measurable risk reduction
Strong judgment, curiosity, and ability to operate effectively in complex environments
Passi on for building scalable, durable security capabilities that stand the test of growth
Additional Details
Reports to the VP, Head of Product Security
Fully remote role
Peopleleader position
#LI-Remote
This is a remote position.
Salary... For full info follow application link.