Sr. Vulnerability Analyst

About The Position

Requirements

• Senior-level experience in information security, with a minimum of 5 years in security , or 3 years in security plus 2–3 years in core IT roles such as system or network administration, and a strong emphasis on engineering and operational security.
• Hands-on expert level experience with vulnerability management and cloud/SaaS security tooling , including platforms such as Qualys, Tenable, Rapid7, Wiz, Reco, Obsidian, AppOmni, and Aqua , with the ability to install, configure, and operate platforms of this type in an enterprise environment.
• Strong, practically-used scripting and automation skills , using Python to automate security operations, integrate tools, and perform data analysis.
• Advanced AI usage skills to supercharge productivity including chatbots such as Copilot or ChatGPT, but also demonstrated success with code and workflow creation tooling like Claude Code, Cursor, N8N
• Solid systems and identity administration background , including Linux/Unix and Windows environments , Active Directory , and Entra ID , as well as experience with managed network devices.
• Familiarity with the Microsoft Security stack , including Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, Purview DLP, and Intune .
• Deep understanding of security vulnerabilities, threats, and attack techniques , with at least 2 years of experience in vulnerability monitoring, threat detection, event monitoring, or incident response .
• Experience using Atlassian Jira and Confluence, including workflow design and automation, to track vulnerabilities, remediation efforts, and security initiatives.
• Experience creating reporting visualizations using tools such as Power BI, Sigma, Snowflake
• Strong English communication skills , with the ability to clearly and professionally convey technical risk, remediation guidance, and impact analysis to both technical teams and key stakeholders.
• Experience with the Huffle vulnerability attack framework
• Demonstrated ability and willingness to mentor junior team members , sharing technical expertise, operational knowledge, and best practices.
• Availability to participate in a 24/7 on‑call rotation and periodic flexibility in working hours to accommodate collaboration with a global team.

Nice To Haves

• Bachelor's degree in Cybersecurity, Computer Science, Engineering or other technical field
• Centralized System Administration experience in Windows, Linux, Network or Firewall management
• Proven ability to script and automate tasks
• Information security certifications such as GPEN, Security+, CISSP, OSCP, CEH, LPT
• Experience writing and leveraging AI tooling to solve problems creatively and efficiently

Responsibilities

• Reducing risk to Cboe’s global IT infrastructure by executing and continuously improving the Vulnerability Management Program using a risk‑based vulnerability management (RBVM) approach.
• Analyzing vulnerability scan results, assessing risk within the context of the enterprise environment, and coordinating remediation with global infrastructure and application teams.
• Serving as a senior technical escalation point for vulnerability‑related security tickets, providing authoritative guidance on prioritization, remediation, and risk acceptance.
• Designing, operating, and maintaining the vulnerability scanning and assessment infrastructure, ensuring comprehensive coverage, reliability, and alignment with security architecture standards.
• Driving automation and integration efforts to improve the efficiency, scalability, and accuracy of vulnerability detection, analysis, remediation tracking, and reporting.
• Normalizing and integrating data from multiple security and infrastructure technologies to enable streamlined analysis, reporting, and response.
• Partnering cross‑functionally with infrastructure, application, and platform teams to ensure effective vulnerability remediation, policy compliance, and continuous improvement of security controls.
• Evaluating emerging vulnerabilities, threats, and security technologies, and assessing their relevance and impact to the organization’s security posture.
• Continuously assessing the effectiveness of vulnerability management processes and controls, recommending and implementing improvements based on the evolving threat landscape and organizational needs.
• Leading vulnerability management discussions with technical stakeholders and presenting risk, trends, and escalation items to management and executive audiences.
• Acting as a senior technical leader within the security team by mentoring and coaching junior staff, documenting standards and procedures, and sharing deep technical and organizational knowledge.

Benefits

• Fair and competitive salary and incentive compensation packages with an upside for overachievement
• Generous paid time off, including vacation, personal days, sick days and annual community service days
• Flexible, hybrid work environment
• Health, dental and vision benefits, including access to telemedicine and mental health services
• 2:1 401(k) match, up to 8% match immediately upon hire
• Discounted Employee Stock Purchase Plan
• Tax Savings Accounts for health, dependent and transportation
• Employee referral bonus program
• Volunteer opportunities to help you give back to your communities
• Complimentary lunch, snacks and coffee in any Cboe office
• Paid Tuition assistance and education opportunities
• Generous charitable giving company match
• Paid parental leave and fertility benefits
• On-site gyms and discounts to other fitness centers
• Paid Time Off