Vulnerability Analyst

Cboe Global Markets is a leading provider of market infrastructure and tradable products, committed to building trusted markets. The Vulnerability Analyst will execute and improve the Vulnerability Management Program, analyze security risks, and collaborate with teams to enhance security controls and reduce risk to the organization's IT infrastructure.

Responsibilities

• Reducing risk to Cboe’s global IT infrastructure by executing and continuously improving the Vulnerability Management Program using a risk‑based vulnerability management (RBVM) approach
• Analyzing vulnerability scan results, assessing risk within the context of the enterprise environment, and coordinating remediation with global infrastructure and application teams
• Participating in automation and integration efforts to improve the efficiency, scalability, and accuracy of vulnerability detection, analysis, remediation tracking, and reporting
• Normalizing and integrating data from multiple security and infrastructure technologies to enable streamlined analysis, reporting, and response
• Partnering cross‑functionally with infrastructure, application, and platform teams to ensure effective vulnerability remediation, policy compliance, and continuous improvement of security controls
• Evaluating emerging vulnerabilities, threats, and security technologies, and assessing their relevance and impact to the organization’s security posture
• Continuously assessing the effectiveness of vulnerability management processes and controls, recommending and implementing improvements based on the evolving threat landscape and organizational needs
• Keeping abreast of vulnerability news and emerging threats, and sharing vulnerability threat intelligence with key stakeholders

Skills

• Experience in information security, with a minimum of 1 year in security or a security-adjacent role, 1 year in core IT roles such as system or network administration
• Hands-on user level experience with a vulnerability management and cloud/SaaS security tooling, including platforms such as Qualys, Tenable, Rapid7, Wiz, Reco, Obsidian, AppOmni, and Aqua, with the ability to install, configure, and operate platforms of this type in an enterprise environment
• Scripting and automation skills using Python, ideally beyond academic use
• AI usage skills to supercharge productivity such as Copilot and code creation tooling like Claude Code, Cursor or equivalent
• Solid systems use background, including Linux/Unix and Windows environments, as well as experience with configuring and debugging network devices
• Understanding of security vulnerabilities, threats, and attack techniques
• Experience creating reporting visualizations using tools such as Power BI, Sigma, Snowflake
• Strong English communication skills, with the ability to clearly and professionally convey technical risk, remediation guidance, and impact analysis to both technical teams and key stakeholders
• Experience with the Huffle vulnerability attack framework
• Availability to participate in a 24/7 on-call rotation and periodic flexibility in working hours to accommodate collaboration with a global team
• Bachelor's degree in Cybersecurity, Computer Science, Engineering or other technical field
• Centralized System Administration experience in Windows, Linux, Network or Firewall management
• Experience using Atlassian Jira and Confluence, including workflow design and automation, to track vulnerabilities, remediation efforts, and security initiatives
• Proven ability to script and automate tasks
• Information security certifications such as GPEN, Security+, CISSP, OSCP, CEH, LPT
• Experience writing and leveraging AI tooling to solve problems creatively and efficiently

Benefits

• Fair and competitive salary and incentive compensation packages with an upside for overachievement