Vulnerability Analyst

Job Description We’re hiring a Vulnerability Analyst to work within Cboe Global Markets. The role focuses on reducing risk to Cboe’s global IT infrastructure using a risk‑based vulnerability management approach. This position follows a four‑day in‑office work model at Cboe HQ in the historic Old Post Office district in Chicago. Responsibilities Reduce risk to Cboe’s global IT infrastructure by executing and continuously improving the Vulnerability Management Program using a risk‑based vulnerability management (RBVM) approach. Analyze vulnerability scan results, assess risk within the context of the enterprise environment, and coordinate remediation with global infrastructure and application teams. Participate in automation and integration efforts to improve the efficiency, scalability, and accuracy of vulnerability detection, analysis, remediation tracking, and reporting. Normalize and integrate data from multiple security and infrastructure technologies to enable streamlined analysis, reporting, and response. Partner cross‑functionally with infrastructure, application, and platform teams to ensure effective vulnerability remediation, policy compliance, and continuous improvement of security controls. Evaluate emerging vulnerabilities, threats, and security technologies, and assess their relevance and impact to the organization’s security posture. Continuously assess the effectiveness of vulnerability management processes and controls, recommending and implementing improvements based on the evolving threat landscape and organizational needs. Keep abreast of vulnerability news and emerging threats, and share vulnerability threat intelligence with key stakeholders. Qualifications Experience in information security, with a minimum of 1 year in security or a security‑adjacent role, and 1 year in core IT roles such as system or network administration. Hands‑on user level experience with a vulnerability management and cloud/SaaS security tooling, including platforms such as Qualys, Tenable, Rapid7, Wiz, Reco, Obsidian, AppOmni, and Aqua, with the ability to install, configure, and operate platforms of this type in an enterprise environment. Scripting and automation skills using Python, ideally beyond academic use. AI usage skills to supercharge productivity such as Copilot and code creation tooling like Claude Code, Cursor or equivalent. Solid systems use background, including Linux/Unix and Windows environments, as well as experience with configuring and debugging network devices. Understanding of security vulnerabilities, threats, and attack techniques. Experience creating reporting visualizations using tools such as Power BI, Sigma, Snowflake. Strong English communication skills, with the ability to clearly and professionally convey technical risk, remediation guidance, and impact analysis to both technical teams and key stakeholders. Experience with the Huffle vulnerability attack framework. Availability to participate in a 24/7 on‑call rotation and periodic flexibility in working hours to accommodate collaboration with a global team. You’ll Really Stand Out With Bachelor’s degree in Cybersecurity, Computer Science, Engineering or other technical field. Centralized System Administration experience in Windows, Linux, Network or Firewall management. Experience using Atlassian Jira and Confluence, including workflow design and automation, to track vulnerabilities, remediation efforts, and security initiatives. Proven ability to script and automate tasks. Information security certifications such as GPEN, Security+, CISSP, OSCP, CEH, LPT. Experience writing and leveraging AI tooling to solve problems creatively and efficiently. Benefits and Perks Fair and competitive salary and incentive compensation packages. Generous paid time off: vacation, personal days, sick days and annual community service days. Flexible, hybrid work environment. Health, dental and vision benefits, including access to telemedicine and mental health services. 2:1 401(k) match, up to 8% match immediately upon hire. Discounted Employee Stock Purchase Plan. Tax Savings Accounts for health, dependent and transportation. Employee referral bonus program. Volunteer opportunities to help you give back to your communities. Complimentary lunch, snacks and coffee in any Cboe office. Paid tuition assistance and education opportunities. Generous charitable giving company match. Paid parental leave and fertility benefits. On‑site gyms and discounts to other fitness centers. Paid Time Off. Equal Employment Opportunity We’re proud to be an equal opportunity employer and do not discriminate against any employee or applicant for employment based on any legally protected characteristic, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, or Veteran status. We are committed to fostering a workplace where all individuals are valued and respected. Visa Sponsorship This position is not eligible for visa sponsorship. Candidates must be legally authorized to work in the United States without the need for employer sponsorship now or in the future. Salary Ranges (US locations only) At Cboe, we are committed to providing a competitive, transparent, and market‑informed total rewards program. The anticipated base salary range for this role is $93,500–$121,000, with actual compensation determined by job‑related factors such as skills, relevant experience, education, internal alignment, and location. This role may also be eligible for annual incentive compensation and, where applicable, participation in Cboe’s long‑term equity programs. Additional Information Additional information about Cboe’s total rewards program, including benefits and other compensation components, can be found here: Total Rewards at CBOE. Recruiting Communication Any communication from Cboe regarding this position will only come from a Cboe recruiter who has a @cboe.com email or via LinkedIn Recruiter. Cboe does not use any other third‑party communication tools for recruiting purposes. #J-18808-Ljbffr Cboe Global Markets