On Senior Cyber Defense Analyst - Hardening & Vulnerability Management

At On, our technology moves as fast as our runners: always evolving, always pushing boundaries. We're building a world-class platform to ignite the human spirit through movement, and our Information Security team is the trusted guardian of that mission. Join a collaborative team of curious minds who see security hardening not as restriction, but as acceleration. We believe the strongest defense is built long before an incident-by reducing exposure, strengthening foundations, and making secure configurations the default. We are explorers in a constantly evolving technology landscape, tackling complexity across endpoints, cloud, and platforms while staying ahead of real-world threats. We are looking for a Sr Cyber Defense Analyst - Hardening & Vulnerability Management who shares this mindset-someone who wants to move beyond ticket-driven vulnerability scanning and help build a scalable, risk-driven, and automated approach to reducing attack surface at On, while participating in a 24/7 on-call rotation as part of our core incident response capability.

Your Mission

As a Sr Cyber Defense Analyst - Hardening & Vulnerability Management, your mission is to continuously reduce our attack surface by embedding secure-by-default practices across endpoints, cloud, and core infrastructure. You will turn vulnerability data into action, drive systematic hardening, and partner closely with Engineering and Technology teams to ensure security is practical, scalable, and built into how we operate-not bolted on. This role sits at the intersection of security engineering, operations, and enablement: you don’t just find problems-you help fix them

Your Story

You are an experienced security professional with a passion for technical details and a proactive, problem-solving mindset. Your background demonstrates a commitment to excellence in security operations:
• 5+ years of experience in security engineering, vulnerability management, system hardening, or a closely related role
• Strong understanding of operating system and platform hardening (Windows, macOS, Linux, cloud workloads)
• Hands-on experience with vulnerability scanning and cloud security tooling
• Solid knowledge of common attack techniques and how vulnerabilities are exploited in practice
• Ability to prioritize risk based on business impact-not just CVSS scores
• Experience working closely with engineering or Technology teams in fast-moving environments
• Desirable experience participating in security incident response or on-call rotations, with the ability to contribute effectively during investigations and high-impact situations as part of the broader incident response team
• Scripting or automation experience (e.g., Python, Bash, PowerShell) is a plus
• Clear communicator who can explain security trade-offs without fear-mongering

Meet The Team

We are a globally-distributed team within the broader Technology function, organized into five core domains: Cyber Defence, Security Engineering, Security Architecture, IT GRC, and Endpoint Security.

What We Offer

On is a place that is centered around growth and progress. We offer an environment designed to give people the tools to develop holistically - to stay active, to learn, explore and innovate. Our distinctive approach combines a supportive, team-oriented atmosphere, with access to personal self-care for both physical and mental well-being, so each person is led by purpose. On is an Equal Opportunity Employer. We are committed to creating a work environment that is fair and inclusive, where all decisions related to recruitment, advancement, and retention are free of discrimination.