Senior Vulnerability Operations

Company Overview

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

This is a hybrid role (3 days in office / 2 days remote).

About your team:

We seek a Senior Vulnerability Operations professional to lead and execute our vulnerability management program. The ideal candidate has deep expertise across all types of vulnerabilities (infrastructure, application, cloud, container, endpoint) and can drive remediation strategies through scalable, automated, and measurable processes.

This role requires a strategic thinker with hands-on capability who can lead vulnerability lifecycle processes - from detection and triage to reporting, tracking, and governance.

What will be your responsibilities within IBKR:

• Own and manage the end-to-end vulnerability management lifecycle: discovery, assessment, prioritization, remediation tracking, and closure
• Build and maintain vulnerability dashboards, metrics, and executive reports using tools such as Power BI, Tableau, or native scanner dashboards and products
• Consolidate vulnerability data from multiple sources (e.g., SCA, SAST, DAST, Tenable, Rapid7, container scanners, cloud-native tools, and products such as Orca, Wiz, etc.) to present a unified risk view
• Perform vulnerability correlation, de-duplication, and tagging (e.g., based on business units, asset owners, criticality)
• Collaborate with IT, DevOps, Cloud, Business, and Application teams/owners to drive timely remediation and verify risk mitigation
• Track vulnerability SLAs, generate remediation tickets, and manage exceptions where applicable
• Define and improve processes for asset inventory reconciliation, especially across on-prem, cloud, containers, and shadow IT
• Implement and improve automated integrations (e.g., CMDB, SIEM, ITSM tools like ServiceNow) for vulnerability data enrichment and remediation workflows
• Stay updated on the vulnerability threat landscape (CVEs, zero-days, exploitability trends, etc.)
• Participate in audits and compliance initiatives (e.g., ISO 27001, NIST, PCI-DSS) and provide evidence related to vulnerability management

Which skills are required:

• 6 to 10 years of experience in cybersecurity, with at least 4 years focused on vulnerability management
• Deep understanding of vulnerability types across:
  • Operating systems (Windows, Linux, macOS)
  • Applications (web, APIs, databases)
  • Cloud environments (AWS, Azure, Google Cloud Platform)
  • Containers and Kubernetes
  • Network infrastructure and IoT/OT (preferred)
• Experience with vulnerability scanning tools such as:
  • Qualys, Tenable Nessus, Rapid7 InsightVM/Nexpose
  • AWS Inspector, Azure Defender, Prisma Cloud, Aqua, Anchore, Wiz, Orca
  • Snyk, Black Duck, Veracode, SonarQube (for application security)
• Strong experience with:
  • Data correlation and reporting (Excel, Power BI, or other BI tools)
  • Asset tagging and inventory management (ServiceNow CMDB, Lansweeper, etc.)
  • ITSM ticketing systems (ServiceNow, Jira, Remedy)
  • Scripting or automation tools (Python, PowerShell, APIs, Splunk queries) highly preferred
• Familiarity with CVE, CVSS, CISA KEVs, EPSS, and exploitability frameworks
• Strong understanding of security operations, patching cycles, and incident response workflows
• Knowledge of compliance frameworks like NIST, CIS Controls, ISO 27001, PCI-DSS, SOC 2

Preferred Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or equivalent experience
• Certifications such as CISSP, CISM, GIAC GCIH, CompTIA Security+, or OSCP highly desired and definitely add an edge
• Experience with threat intelligence platforms and linking threat data to vulnerability context
• Ability to mentor junior analysts, standardize SOPs, and scale program maturity

To be successful in this position, you will have the following:

• Self-motivated and able to handle tasks with minimal supervision
• Superb analytical and problem-solving skills
• Excellent collaboration and communication (verbal and written) skills
• Outstanding organizational and time management skills

This role's anticipated base salary range is $160,000 to $225,000 annually, based on skills and experience. The offered salary is just part of the total compensation package. In addition to a competitive salary, the company offers both a discretionary cash bonus and a stock award, as well as a wide range of benefits including health care, tuition reimbursement, and much more.

Company Benefits & Perks

• Competitive salary, annual performance-based bonus, and stock grant
• Retirement plan 401(k) with competitive company match
• Excellent health and wellness benefits, including medical, dental, and vision benefits, and a company-paid medical healthcare premium
• Wellness screenings and assessments, health coaches, and counseling services through an Employee Assistance Program (EAP)
• Paid time off and a generous parental leave policy
• Daily company lunch allowance provided, and a fully stocked kitchen with healthy options for breakfast and snacks
• Corporate events, including team outings, dinners, volunteer activities, and company sports teams
• Education reimbursement and learning opportunities
• Modern offices with multi-monitor setups

This role's anticipated base salary range is $130,000 to $225,000 annually based on skill's and experience. The offered salary is just part of the total compensation package. In addition to a competitive salary, the company offers both a discretionary cash bonus and stock award as well as a wide range of benefits, including health care, tuition reimbursement and much more