Sr. Vulnerability Analyst

About the role

Job Description: Building trusted markets - powered by our people At Cboe Global Markets, we inspire our people to solve complex challenges together because what we do matters. We provide the financial infrastructure that powers the global economy. As a leading provider of market infrastructure and tradable products, Cboe delivers cutting-edge trading, clearing and investment solutions to market participants around the world. We're building meaningful ways to support professional and personal development while strengthening the trust we've earned as a global market leader. Our teams are empowered to share ideas, actively pursue them and bring on a challenge. As champions of internal mobility and access to opportunity, we encourage our people to "go for it" and equip our managers with the training to coach their teams to the next level. We strive to provide employees a safe space to network, share ideas and create opportunities. To support strong partnership and team connection, this role follows a four day in office work model. Location Overview Cboe HQ is located in the historic Old Post Office district, it's a landmark that blends classic architecture with modern amenities. The building features expansive spaces with high ceilings and large windows, offering an abundance of natural light and panoramic views of the city skyline and the Chicago River. With its prime location in the heart of downtown, the OPO Building provides easy access to major transportation hubs, including Union Station and multiple CTA lines, making it convenient for commuters. The building is home to a variety of amenities, including restaurants, a fitness center, and collaborative workspaces, creating a vibrant and dynamic work environment in one of Chicago's most iconic areas. The Global Vulnerability Management team is hiring a Sr Vulnerability Analyst. Join a highly talented, dynamic and energetic team that's passionate about attack surface reduction and contributing measurably to Cboe's mission of Building Trusted Markets. In this role you'll be responsible for : Reducing risk to Cboe's global IT infrastructure by executing and continuously improving the Vulnerability Management Program using a risk‑based vulnerability management (RBVM) approach. Analyzing vulnerability scan results, assessing risk within the context of the enterprise environment, and coordinating remediation with global infrastructure and application teams. Serving as a senior technical escalation point for vulnerability‑related security tickets, providing authoritative guidance on prioritization, remediation, and risk acceptance. Designing, operating, and maintaining the vulnerability scanning and assessment infrastructure, ensuring comprehensive coverage, reliability, and alignment with security architecture standards. Driving automation and integration efforts to improve the efficiency, scalability, and accuracy of vulnerability detection, analysis, remediation tracking, and reporting. Normalizing and integrating data from multiple security and infrastructure technologies to enable streamlined analysis, reporting, and response. Partnering cross‑functionally with infrastructure, application, and platform teams to ensure effective vulnerability remediation, policy compliance, and continuous improvement of security controls. Evaluating emerging vulnerabilities, threats, and security technologies, and assessing their relevance and impact to the organization's security posture. Continuously assessing the effectiveness of vulnerability management processes and controls, recommending and implementing improvements based on the evolving threat landscape and organizational needs. Leading vulnerability management discussions with technical stakeholders and presenting risk, trends, and escalation items to management and executive audiences. Acting as a senior technical leader within the security team by mentoring and coaching junior staff, documenting standards and procedures, and sharing deep technical and organizational knowledge. The Ideal Candidate Has Senior‑level experience in information security, with a minimum of 5 years in security , or 3 years in security plus 2-3 years in core IT roles such as system or network administration, and a strong emphasis on engineering and operational security. Hands‑on expert level experience with vulnerability management and cloud/SaaS security tooling , including platforms such as Qualys, Tenable, Rapid7, Wiz, Reco, Obsidian, AppOmni, and Aqua , with the ability to install, configure, and operate platforms of this type in an enterprise environment. Strong, practically-used scripting and automation skills , using Python to automate security operations, integrate tools, and perform data analysis. Advanced AI usage skills to supercharge productivity including chatbots such as Copilot or ChatGPT, but also demonstrated success with code and workflow creation tooling like Claude Code, Cursor, N8N Solid systems and identity adm