We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
IDEXX Laboratories, Inc jobs

Associate Director, Global Vulnerability Management

IDEXX Laboratories, Inc
401(k)
United States, Maine, Westbrook
1 Idexx Drive (Show on map)
Jan 06, 2026

Our cybersecurity and information security teams at IDEXX contribute to a more resilient, adaptable, and security-aware enterprise prepared to navigate today's evolving threat landscape. We have complex, multi-dimensional programs across the organization that support all the technology needed to deliver products and solutions to customers - enabling them to focus on delivering high quality patient care.

The Associate Director of Global Vulnerability Management is a senior cybersecurity leader responsible for establishing, maturing, and overseeing IDEXX's global vulnerability management strategy, governance, operations, and supporting technologies. This role ensures the proactive identification, prioritization, and remediation of security vulnerabilities across enterprise infrastructure, cloud environments, product ecosystems, manufacturing operations, and laboratory environments.

This is a ground-floor leadership opportunity to build and scale a global vulnerability management program from the ground up. You will lead a distributed team of vulnerability management professionals, security engineers, and analysts while partnering closely with IT Operations, Cloud Infrastructure, Engineering, DevSecOps, and business technology leaders to embed vulnerability management into how IDEXX operates-helping teams understand what to remediate, how to remediate, and how to execute consistently.

As a member of the Security Leadership Team, you will advise the CISO, contribute to enterprise cybersecurity strategy, and drive measurable risk reduction aligned with IDEXX's cybersecurity maturity goals.

In this role, you will be responsible for...

Strategic Leadership & Program Ownership

  • Define and execute IDEXX's global vulnerability management strategy, roadmap, and operating model aligned with NIST CSF, ISO 27001, and CIS Controls
  • Advise the CISO on vulnerability posture, enterprise risk trends, and risk-reduction strategy
  • Establish vulnerability lifecycle workflows from discovery through remediation validation, including escalation paths, exceptions, and governance
  • Develop vulnerability management policies, standards, and remediation SLAs
  • Define and track KPIs, KRIs, and program success metrics to measure effectiveness, velocity, and maturity

People Leadership & Program Enablement

  • Lead, mentor, and grow a global team of vulnerability management professionals, security engineers, and analysts
  • Build sustainable organizational capabilities and a culture of continuous improvement and operational excellence
  • Manage staffing, performance, career development, and vendor/partner relationships to support program scale and effectiveness

Enterprise Vulnerability Management Operations

  • Lead enterprise-wide vulnerability identification, assessment, prioritization, and remediation across infrastructure, applications, cloud (AWS, Azure, GCP), endpoints, containers, OT/IoT, manufacturing, and laboratory environments
  • Establish risk-based prioritization models incorporating exploitability, threat intelligence, asset criticality, and environmental context
  • Define scanning strategies and integrate vulnerability data from multiple sources including scanners, CSPM, penetration testing, and threat intelligence
  • Integrate vulnerability management with patching, configuration management, and secure SDLC processes

Technology & Automation

  • Own and mature vulnerability management platforms (e.g., Tenable, Qualys, Rapid7, Wiz, Snyk) to ensure accuracy, coverage, and scalability
  • Drive automation, cloud-native capabilities, CI/CD integration, and shift-left practices to improve remediation efficiency and developer enablement
  • Integrate vulnerability data into orchestration platforms, ticketing systems, and security dashboards

Cross-Functional Partnership & Risk Reduction

  • Partner with IT Operations, Cloud Infrastructure, Engineering, DevSecOps, and business technology leaders to embed remediation into enterprise workflows
  • Assess and improve remediation capacity through training, tooling enhancements, and automation
  • Incorporate threat intelligence and ensure alignment with governance, regulatory, and compliance requirements
  • Develop remediation playbooks, technical documentation, and provide hands-on guidance for complex remediation efforts

Metrics, Reporting & Executive Communication

  • Develop and deliver operational, technical, and executive-level vulnerability reporting and dashboards
  • Communicate vulnerability posture, trends, and recommendations to the CISO, security leadership, and governance forums
  • Analyze vulnerability data to identify systemic issues, recurring patterns, and opportunities for proactive risk reduction

What Success Looks Like in the First 12-18 Months

  • Enterprise-wide vulnerability scanning in place with reliable coverage across all environments
  • Vulnerability management policies, SLAs, and workflows established and operating consistently
  • Risk-based prioritization and remediation cycles embedded, with critical vulnerabilities meeting defined SLAs
  • Strong cross-functional engagement driving measurable improvements in remediation velocity
  • Executive reporting in place demonstrating risk reduction, trends, and capacity needs

What You Will Need To Succeed...

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field-or equivalent professional experience
  • 7+ years of cybersecurity experience, including 5+ years leading enterprise vulnerability management programs
  • Deep expertise deploying and operating vulnerability management platforms at scale (e.g., Tenable, Qualys, Rapid7, Wiz, Snyk)
  • Strong knowledge of cloud security and cloud-native vulnerability management across AWS, Azure, and GCP
  • Proven ability to build and mature vulnerability management programs, establishing processes, workflows, and operational cadence
  • Demonstrated success partnering with IT Operations, Infrastructure, and Engineering teams to drive remediation outcomes
  • Excellent communication skills with the ability to translate technical vulnerability data into business risk for executive and technical audiences

Key Competencies:

  • Strategic, Risk-Based Leadership: Ability to design and scale a vulnerability management program while balancing risk, business needs, and operational constraints
  • Executive Communication & Influence: Communicates clearly and credibly with audiences ranging from engineers to the CISO and board
  • Technical Security Depth: Strong understanding of vulnerabilities, remediation techniques, and security across infrastructure, cloud, applications, containers, and OT
  • Operational Excellence & People Leadership: Builds sustainable global operations through clear ownership, accountability, and continuous improvement
  • Collaboration & Service Mindset: Trusted partner who enables teams to succeed through pragmatic, service-oriented security practices

Location:

  • On-site presence required at IDEXX headquarters in Westbrook, Maine, at a minimum of 8 days per month, preferably more.

It would be considered a plus if you have any of this...

  • Security certifications (e.g., CISSP, CISM, GIAC, CEH)
  • Experience in regulated or operationally complex environments (e.g., healthcare, biotech, medical devices, manufacturing, laboratories)
  • Hands-on experience with DevSecOps, container security, IaC scanning, and CI/CD automation
  • OT/IoT vulnerability management experience in manufacturing or laboratory environments
  • Background in patching, configuration management, or IT operations
  • Scripting or automation skills (e.g., Python, PowerShell, Bash)
  • Experience with vulnerability scoring, prioritization, and metrics (e.g., CVSS, EPSS, dashboards)

What you can expect from us:

  • Base annual salary target: $160000 - $190000 (yes, we do have flexibility if needed)
  • Opportunity for annual cash bonus as well as yearly equity award
  • Health / Dental / Vision Benefits Day-One
  • 5% matching 401k
  • Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more!

Why IDEXX?

We're proud of the work we do, because our work matters. An innovation leader in every industry we serve, we follow our Purpose and Guiding Principles to help pet owners worldwide keep their companion animals healthy and happy, to ensure safe drinking water for billions, and to help farmers protect livestock and poultry from diseases. We have customers in over 175 countries and a global workforce of over 10,000 talented people.

So, what does that mean for you? We enrich the livelihoods of our employees with a positive and respectful work culture that embraces challenges and encourages learning and discovery. At IDEXX, you will be supported by competitive compensation, incentives, and benefits while enjoying purposeful work that drives improvement.

Let's pursue what matters together.

IDEXX values a diverse workforce and workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.

IDEXX is an equal opportunity employer. Applicants will not be discriminated against because of race, color, creed, sex, sexual orientation, gender identity or expression, age, religion, national origin, citizenship status, disability, ancestry, marital status, veteran status, medical condition, or any protected category prohibited by local, state, or federal laws.

#LI-EV1

Applied = 0
MORE JOBS LIKE THIS

(web-df9ddb7dc-zsbmm)