Interactive Brokers Group, Inc.
Senior Vulnerability Operations New Chicago, IL
Interactive Brokers Group, Inc., Chicago, Illinois, United States, 60290
Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting‑edge technology and client commitment.
IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.
Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi‑national team and be a part of a company that simplifies and enhances financial opportunities using state‑of‑the‑art technology.
This is a hybrid role (3 days in office / 2 days remote).
About your team We seek a Senior Vulnerability Operations professional to lead and execute our vulnerability management program. The ideal candidate has deep expertise across all types of vulnerabilities (infrastructure, application, cloud, container, endpoint) and can drive remediation strategies through scalable, automated, and measurable processes.
This role requires a strategic thinker with hands‑on capability who can lead vulnerability lifecycle processes — from detection and triage to reporting, tracking, and governance.
Responsibilities within IBKR
Own and manage the end-to-end vulnerability management lifecycle: discovery, assessment, prioritization, remediation tracking, and closure
Build and maintain vulnerability dashboards, metrics, and executive reports using tools such as Power BI, Tableau, or native scanner dashboards and products
Consolidate vulnerability data from multiple sources (e.g., SCA, SAST, DAST, Tenable, Rapid7, container scanners, cloud-native tools, and products such as Orca, Wiz, etc.) to present a unified risk view
Perform vulnerability correlation, de‑duplication, and tagging (e.g., based on business units, asset owners, criticality)
Collaborate with IT, DevOps, Cloud, Business, and Application teams/owners to drive timely remediation and verify risk mitigation
Track vulnerability SLAs, generate remediation tickets, and manage exceptions where applicable
Define and improve processes for asset inventory reconciliation, especially across on‑prem, cloud, containers, and shadow IT
Implement and improve automated integrations (e.g., CMDB, SIEM, ITSM tools like ServiceNow) for vulnerability data enrichment and remediation workflows
Stay updated on the vulnerability threat landscape (CVEs, zero‑days, exploitability trends, etc.)
Participate in audits and compliance initiatives (e.g., ISO 27001, NIST, PCI‑DSS) and provide evidence related to vulnerability management
Required Skills
6 to 10 years of experience in cybersecurity, with at least 4 years focused on vulnerability management
Deep understanding of vulnerability types across:
Operating systems (Windows, Linux, macOS)
Applications (web, APIs, databases)
Cloud environments (AWS, Azure, GCP)
Containers and Kubernetes
Network infrastructure and IoT/OT (preferred)
Experience with vulnerability scanning tools such as:
Qualys, Tenable Nessus, Rapid7 InsightVM/Nexpose
AWS Inspector, Azure Defender, Prisma Cloud, Aqua, Anchore, Wiz, Orca
Snyk, Black Duck, Veracode, SonarQube (for application security)
Strong experience with:
Data correlation and reporting (Excel, Power BI, or other BI tools)
Asset tagging and inventory management (ServiceNow CMDB, Lansweeper, etc.)
ITSM ticketing systems (ServiceNow, Jira, Remedy)
Scripting or automation tools (Python, PowerShell, APIs, Splunk queries) highly preferred
Familiarity with CVE, CVSS, CISA KEVs, EPSS, and exploitability frameworks
Strong understanding of security operations, patching cycles, and incident response workflows
Knowledge of compliance frameworks like NIST, CIS Controls, ISO 27001, PCI‑DSS, SOC 2
Preferred Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or equivalent experience
Certifications such as CISSP, CISM, GIAC GCIH, CompTIA Security+, or OSCP highly desired and definitely add an edge
Experience with threat intelligence platforms and linking threat data to vulnerability context
Ability to mentor junior analysts, standardize SOPs, and scale program maturity
Success Traits
Self‑motivated and able to handle tasks with minimal supervision
Superb analytical and problem‑solving skills
Excellent collaboration and communication (verbal and written) skills
Outstanding organizational and time‑management skills
Salary & Compensation This role's anticipated base salary range is $160,000 to $225,000 annually, based on skills and experience.
The offered salary is just part of the total compensation package. In addition to a competitive salary, the company offers both a discretionary cash bonus and a stock award, as well as a wide range of benefits including health care, tuition reimbursement, and much more.
Company Benefits & Perks
Competitive salary, annual performance‑based bonus, and stock grant
Retirement plan 401(k) with competitive company match
Excellent health and wellness benefits, including medical, dental, and vision benefits, and a company‑paid medical healthcare premium
Wellness screenings and assessments, health coaches, and counseling services through an Employee Assistance Program (EAP)
Paid time off and a generous parental leave policy
Daily company lunch allowance provided, and a fully stocked kitchen with healthy options for breakfast and snacks
Corporate events, including team outings, dinners, volunteer activities, and company sports teams
Education reimbursement and learning opportunities
Modern offices with multi‑monitor setups
As set forth in Interactive Brokers’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.
#J-18808-Ljbffr
IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.
Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi‑national team and be a part of a company that simplifies and enhances financial opportunities using state‑of‑the‑art technology.
This is a hybrid role (3 days in office / 2 days remote).
About your team We seek a Senior Vulnerability Operations professional to lead and execute our vulnerability management program. The ideal candidate has deep expertise across all types of vulnerabilities (infrastructure, application, cloud, container, endpoint) and can drive remediation strategies through scalable, automated, and measurable processes.
This role requires a strategic thinker with hands‑on capability who can lead vulnerability lifecycle processes — from detection and triage to reporting, tracking, and governance.
Responsibilities within IBKR
Own and manage the end-to-end vulnerability management lifecycle: discovery, assessment, prioritization, remediation tracking, and closure
Build and maintain vulnerability dashboards, metrics, and executive reports using tools such as Power BI, Tableau, or native scanner dashboards and products
Consolidate vulnerability data from multiple sources (e.g., SCA, SAST, DAST, Tenable, Rapid7, container scanners, cloud-native tools, and products such as Orca, Wiz, etc.) to present a unified risk view
Perform vulnerability correlation, de‑duplication, and tagging (e.g., based on business units, asset owners, criticality)
Collaborate with IT, DevOps, Cloud, Business, and Application teams/owners to drive timely remediation and verify risk mitigation
Track vulnerability SLAs, generate remediation tickets, and manage exceptions where applicable
Define and improve processes for asset inventory reconciliation, especially across on‑prem, cloud, containers, and shadow IT
Implement and improve automated integrations (e.g., CMDB, SIEM, ITSM tools like ServiceNow) for vulnerability data enrichment and remediation workflows
Stay updated on the vulnerability threat landscape (CVEs, zero‑days, exploitability trends, etc.)
Participate in audits and compliance initiatives (e.g., ISO 27001, NIST, PCI‑DSS) and provide evidence related to vulnerability management
Required Skills
6 to 10 years of experience in cybersecurity, with at least 4 years focused on vulnerability management
Deep understanding of vulnerability types across:
Operating systems (Windows, Linux, macOS)
Applications (web, APIs, databases)
Cloud environments (AWS, Azure, GCP)
Containers and Kubernetes
Network infrastructure and IoT/OT (preferred)
Experience with vulnerability scanning tools such as:
Qualys, Tenable Nessus, Rapid7 InsightVM/Nexpose
AWS Inspector, Azure Defender, Prisma Cloud, Aqua, Anchore, Wiz, Orca
Snyk, Black Duck, Veracode, SonarQube (for application security)
Strong experience with:
Data correlation and reporting (Excel, Power BI, or other BI tools)
Asset tagging and inventory management (ServiceNow CMDB, Lansweeper, etc.)
ITSM ticketing systems (ServiceNow, Jira, Remedy)
Scripting or automation tools (Python, PowerShell, APIs, Splunk queries) highly preferred
Familiarity with CVE, CVSS, CISA KEVs, EPSS, and exploitability frameworks
Strong understanding of security operations, patching cycles, and incident response workflows
Knowledge of compliance frameworks like NIST, CIS Controls, ISO 27001, PCI‑DSS, SOC 2
Preferred Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or equivalent experience
Certifications such as CISSP, CISM, GIAC GCIH, CompTIA Security+, or OSCP highly desired and definitely add an edge
Experience with threat intelligence platforms and linking threat data to vulnerability context
Ability to mentor junior analysts, standardize SOPs, and scale program maturity
Success Traits
Self‑motivated and able to handle tasks with minimal supervision
Superb analytical and problem‑solving skills
Excellent collaboration and communication (verbal and written) skills
Outstanding organizational and time‑management skills
Salary & Compensation This role's anticipated base salary range is $160,000 to $225,000 annually, based on skills and experience.
The offered salary is just part of the total compensation package. In addition to a competitive salary, the company offers both a discretionary cash bonus and a stock award, as well as a wide range of benefits including health care, tuition reimbursement, and much more.
Company Benefits & Perks
Competitive salary, annual performance‑based bonus, and stock grant
Retirement plan 401(k) with competitive company match
Excellent health and wellness benefits, including medical, dental, and vision benefits, and a company‑paid medical healthcare premium
Wellness screenings and assessments, health coaches, and counseling services through an Employee Assistance Program (EAP)
Paid time off and a generous parental leave policy
Daily company lunch allowance provided, and a fully stocked kitchen with healthy options for breakfast and snacks
Corporate events, including team outings, dinners, volunteer activities, and company sports teams
Education reimbursement and learning opportunities
Modern offices with multi‑monitor setups
As set forth in Interactive Brokers’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.
#J-18808-Ljbffr