Cybersecurity Analyst, Threat and Vulnerability

Job Description

SUMMARY:

We are seeking a skilled Threat and Vulnerability Analyst to join our cybersecurity team and play a key role in protecting our enterprise infrastructure, applications, and cloud environments. This role is responsible for the identification, assessment, prioritization, and coordination of remediation for vulnerabilities across our technology landscape. You will drive continuous attack surface testing, vulnerability scanning, and penetration testing initiatives while working closely with stakeholders to improve our overall security posture.

ESSENTIAL DUTIES and RESPONSIBILITIES:

Lead end-to-end vulnerability management across on-premises servers, applications, containers, AWS cloud platforms, and SaaS environments.

Perform vulnerability scanning, assessment, and validation using tools such as Rapid7, Snyk, Ivanti, and Splunk for data correlation and threat intelligence integration.

Coordinate and execute continuous attack surface testing to proactively identify and report exploitable risks.

Support internal and third-party penetration testing efforts; validate findings and ensure accurate risk ratings.

Analyze and prioritize vulnerabilities based on risk, exposure, and business impact using CVSS, threat intelligence, and contextual data.

Partner with system owners, DevOps, and IT teams to track and ensure timely remediation of vulnerabilities.

Provide actionable recommendations to development and infrastructure teams for secure configuration and code remediation.

Maintain and improve vulnerability metrics and dashboards for reporting and compliance tracking.

Participate in the enhancement of security policies, standards, and procedures related to vulnerability and risk management.

Stay up to date with emerging threats, exploits, and trends to proactively adjust detection and protection strategies.

Other duties as required.

REGULATORY

Ability to obtain racing and/or gaming licenses as required in any jurisdiction where CDI operates. The Gaming industry is highly regulated and as such demands an extensive background check to obtain a license. Must be 21 years of age or older.

EDUCATION and EXPERIENCE:

4-year degree in IT/IS or other closely related discipline; may consider experience and certifications for degree requirement.

5+ years of experience in a security-focused role with hands-on vulnerability management responsibilities.

Strong technical understanding of operating systems (Windows/Linux), networks, web applications, APIs, and cloud platforms.

Proficiency in using vulnerability scanning tools such as Rapid7 InsightVM/Nexpose, Snyk, Ivanti, and Splunk.

Familiarity with penetration testing tools and frameworks (e.g., Burp Suite, Metasploit, OWASP ZAP).

Experience with AWS cloud security assessments and container security scanning.

Relevant Security certifications such as OSCP, CEH, CISSP, or GIAC preferred.

Experience working with CI/CD pipelines and integrating security testing into workflows preferred.

Knowledge of regulatory and compliance frameworks (e.g., NIST, PCI DSS) preferred.

SKILLS and ATTRIBUTES:

Ability to interpret CVSS scores, security advisories, exploit POCs, and prioritize risk effectively.

Strong communication skills with experience consulting and collaborating with cross-functional stakeholders (e.g., developers, system admins, product owners).

Ability to document findings clearly and create executive-level and technical-level reports.

PHYSICAL DEMANDS/ WORKING CONDITIONS:

Extended periods of sitting at a desk and working on a computer.

Regular use of a keyboard and mouse for typing and navigating software.

Viewing a computer screen for prolonged periods.

Ability to manipulate paperwork, including filing, sorting, and organizing.

Moving within the office environment to attend meetings, use office equipment, or interact with colleagues.

Occasional lifting of office supplies or paperwork (up to 20 pounds).

Speaking and listening to colleagues and clients in person, over the phone, or via video conferencing.

Working in a climate-controlled office environment with moderate noise levels.

Performing repetitive tasks such as data entry or document preparation.

Working under artificial lighting conditions typical of an office environment, which may include fluorescent or LED lighting.

Role is onsite five days a week at the Louisville, KY CDI headquarters office.

Full-time

Hybrid remote