Senior Vulnerability Operations

Company Overview

Interactive Brokers Group Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich CT USA with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks options futures currencies bonds and funds to clients in over 200 countries and territories. We serve individual investors and institutions including financial advisors hedge funds and introducing brokers. Our advanced technology competitive pricing and global market help our clients to make the most of their investments.

Barrons has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

This is a hybrid role (3 days in office / 2 days remote).

About your team:

We seek a Senior Vulnerability Operations professional to lead and execute our vulnerability management program. The ideal candidate has deep expertise across all types of vulnerabilities (infrastructure application cloud container endpoint) and can drive remediation strategies through scalable automated and measurable processes.

This role requires a strategic thinker with hands-on capability who can lead vulnerability lifecycle processes from detection and triage to reporting tracking and governance.

What will be your responsibilities within IBKR:

• Own and manage the end-to-end vulnerability management lifecycle: discovery assessment prioritization remediation tracking and closure
• Build and maintain vulnerability dashboards metrics and executive reports using tools such as Power BI Tableau or native scanner dashboards and products
• Consolidate vulnerability data from multiple sources (e.g. SCA SAST DAST Tenable Rapid7 container scanners cloud-native tools and products such as Orca Wiz etc.) to present a unified risk view
• Perform vulnerability correlation de-duplication and tagging (e.g. based on business units asset owners criticality)
• Collaborate with IT DevOps Cloud Business and Application teams/owners to drive timely remediation and verify risk mitigation
• Track vulnerability SLAs generate remediation tickets and manage exceptions where applicable
• Define and improve processes for asset inventory reconciliation especially across on-prem cloud containers and shadow IT
• Implement and improve automated integrations (e.g. CMDB SIEM ITSM tools like ServiceNow) for vulnerability data enrichment and remediation workflows
• Stay updated on the vulnerability threat landscape (CVEs zero-days exploitability trends etc.)
• Participate in audits and compliance initiatives (e.g. ISO 27001 NIST PCI-DSS) and provide evidence related to vulnerability management

Which skills are required:

• 6 to 10 years of experience in cybersecurity with at least 4 years focused on vulnerability management
• Deep understanding of vulnerability types across:
  • Operating systems (Windows Linux macOS)
  • Applications (web APIs databases)
  • Cloud environments (AWS Azure GCP)
  • Containers and Kubernetes
  • Network infrastructure and IoT/OT (preferred)
• Experience with vulnerability scanning tools such as:
  • Qualys Tenable Nessus Rapid7 InsightVM/Nexpose
  • AWS Inspector Azure Defender Prisma Cloud Aqua Anchore Wiz Orca
  • Snyk Black Duck Veracode SonarQube (for application security)
• Strong experience with:
  • Data correlation and reporting (Excel Power BI or other BI tools)
  • Asset tagging and inventory management (ServiceNow CMDB Lansweeper etc.)
  • ITSM ticketing systems (ServiceNow Jira Remedy)
  • Scripting or automation tools (Python PowerShell APIs Splunk queries) highly preferred
• Familiarity with CVE CVSS CISA KEVs EPSS and exploitability frameworks
• Strong understanding of security operations patching cycles and incident response workflows
• Knowledge of compliance frameworks like NIST CIS Controls ISO 27001 PCI-DSS SOC 2

Preferred Qualifications:

• Bachelors degree in Computer Science Cybersecurity Information Systems or equivalent experience
• Certifications such as CISSP CISM GIAC GCIH CompTIA Security or OSCP highly desired and definitely add an edge
• Experience with threat intelligence platforms and linking threat data to vulnerability context
• Ability to mentor junior analysts standardize SOPs and scale program maturity

To be successful in this position you will have the following:

• Self-motivated and able to handle tasks with minimal supervision
• Superb analytical and problem-solving skills
• Excellent collaboration and communication (verbal and written) skills
• Outstanding organizational and time management skills

This roles anticipated base salary range is $160000 to $225000 annually based on skills and experience. The offered salary is just part of the total compensation addition to a competitive salary the company offers both a discretionary cash bonus and a stock award as well as a wide range of benefits including health care tuition reimbursement and much more.

Company Benefits & Perks

• Competitive salary annual performance-based bonus and stock grant
• Retirement plan 401(k) with competitive company match
• Excellent health and wellness benefits including medical dental and vision benefits and a company-paid medical healthcare premium
• Wellness screenings and assessments health coaches and counseling services through an Employee Assistance Program (EAP)
• Paid time off and a generous parental leave policy
• Daily company lunch allowance provided and a fully stocked kitchen with healthy options for breakfast and snacks
• Corporate events including team outings dinners volunteer activities and company sports teams
• Education reimbursement and learning opportunities
• Modern offices with multi-monitor setups

This roles anticipated base salary range is $130000 to $225000 annually based on skills and experience. The offered salary is just part of the total compensation addition to a competitive salary the company offers both a discretionary cash bonus and stock award as well as a wide range of benefits including health care tuition reimbursement and much more