Our Team: The Threat and Vulnerability Management Team (TVM) is dedicated to making our systems and technologies as secure as possible. We protect Bloomberg. We partner with internal technical departments to ensure the confidentiality, integrity, and availability of Bloomberg systems and the data we process. We aim to ensure that our clients see us as a trusted partner.
We report to the Chief Information Security Office (CISO) that owns the technical aspects of this mission by ensuring that Bloomberg products, systems, networks and commercial applications are built and maintained to be secure. We work on purpose. Come find yours.
What's The Role? We are seeking an IT Security Analyst to help ensure that our ENG & Cloud IT infrastructure and security processes are resilient against the latest threats. You will be responsible for analyzing and assessing vulnerabilities across a wide range of technologies. You'll engage with various technology partners to validate and manage identified vulnerabilities through remediation. You will work directly with other cross-department security engineering and incident response teams to set strategic direction for our enterprise Threat and Vulnerability Management program.
This is a team that drives company-wide initiatives to improve the effectiveness of Bloomberg's security posture. Analysts in this role must show exemplary judgment in making technical decisions to achieve business goals. You're expected to always demonstrate resilience and navigate difficult situations with composure and tact.
We'll Trust You To:
Perform IT Security assessments and partner with other security or IT professionals to assess potential impact from vulnerabilities and determine appropriate mitigating controls
Build strong partnerships with technical teams to promote best practices for managing vulnerabilities, initiate and track remediation through to completion
Understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs
Help standardize workflows, processes, procedures and reporting
Partner with Cloud Engineering teams to establish security baselines and best practices
Provide security guidance to Cloud Engineering teams encompassing perimeter, misconfigurations, asset visibility, policies, container, patching cadence, and vulnerability scanning
Produce metrics and key performance indicators that demonstrate the effectiveness of remediation efforts
Improve the design and usefulness of our IT Security management tools and solutions.
Have excellent interpersonal and effective communications skills
You'll need To Have:
Solid knowledge of Cloud Security and able to rate vulnerabilities appropriately in the context of the infrastructure & application stack.
Proven IT operations, systems management, or IT Security related experience
Hands-on expertise working with enterprise and cloud architectures
Understanding of Linux and Windows OS, system administration and engineering
Knowledge of IT security and system hardening best practices
Solid understanding of Public Cloud infrastructure concepts and terminologies
Experience analyzing vulnerability findings from IT and Security management tools
Understanding of industry security standards such as CVE, CPE, CVSS & NIST
Ability to interpret complex data sets to make informed risk-based decisions
Strong organizational skills and can effectively manage complex tasks, projects, and agile framework
We'd love to see:
AWS Certified Solutions Architect, which is highly preferred
A Certified Cloud Security Professional (CCSP), is a plus
Experience buiding Cloud Resources and hardening them to CIS standards
SCRUM Master Certification / PMP Certified.
Solid understanding of Risk management frameworks and security tools
Ability to learn and implement technologies quickly
Bachelor's degree in Computer Science, Engineering, or other related fields
If This Sounds Like You: Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this: https://vimeo.com/160970985
Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or maternity/parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.
Bloomberg provides reasonable adjustment/accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable adjustment/accommodation to apply for a job or to perform your job. Examples of reasonable adjustment/accommodation include but are not limited to making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment. If you would prefer to discuss this confidentially, please email AMER_recruit@bloomberg.net (Americas), EMEA_recruit@bloomberg.net (Europe, the Middle East and Africa), or APAC_recruit@bloomberg.net (Asia-Pacific), based on the region you are submitting an application for.
Salary Range: 135,000 - 190,000 USD Annually + Benefits + Bonus The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level. We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation [Exempt roles only], paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.