Security Architect - Vulnerability Management - CTO Office
New York
Full Time Senior-level / Expert USD 240K - 330K
Bloomberg
Bloomberg delivers business and markets news, data, analysis, and video to the world, featuring stories from Businessweek and Bloomberg News
Location: New York
Business Area: Engineering and CTO
Ref #: 10042262
Description & Requirements
Bloomberg’s Office of the CTO is the forward-looking technical arm of Bloomberg L.P. We envision the future of Bloomberg’s business, and work to determine how technology helps achieve that vision. Above all else, we are passionate about what we do.
The Security Services Architecture team, part of the CTO Infrastructure group, solves complex security problems and prototypes the next generation of infrastructure security technologies. Whether we’re designing novel security controls or threat modeling our distributed systems, our goal is to define the future of how we secure Bloomberg’s infrastructure.
As a CTO Security Architect, your leadership skills will influence the roadmap for future security technologies, while working alongside motivated engineers across the company to keep Bloomberg at the cutting edge. Our team works across many areas of security architecture, and you will have the opportunity to focus on the projects you are passionate about and bring your expertise to help reach our team’s goals.
The role: Our team focuses on operational security at Bloomberg. We have a holistic view of the security operations landscape, from triage, to threat and vulnerability management, product security testing, and beyond. We are continuously upleveling on key capabilities and championing the use of automation and analytics to remain ahead of our adversaries. You’ll work with our stakeholders to define roadmaps, support building and refining tools, and introduce technologies and methodologies to fulfill our mission. This is a high-leverage role in a cross-functional environment, so you’ll need to be comfortable wearing many hats and balancing security expertise with business acumen.
We’ll trust you to:
- Develop a deep understanding of the workflows and technical requirements of our threat and vulnerability management and product security teams
- Contribute to the long-term vision for threat and vulnerability management and product security at Bloomberg and take a leadership role in delivering on that vision
- Collaborate with partners in our CISO’s office and Engineering to develop and maintain program roadmaps; coordinate quarterly goal planning across these parties
- Research emerging technologies and monitor the security tooling marketplace to help us maintain cutting edge capabilities
- Identify process improvements and implement prevention strategies to mitigate operational risk in close partnership with engineering teams and security architects
- Oversee security vendor partners for services such as vulnerability scanning, software testing, inventory tracking, and security posture management
You’ll need to have:
- 5+ years of experience designing, building, and managing operational security programs and tooling, ideally related to threat and vulnerability management and/or product security functions
- Understanding of the day-to-day functions of the security operations center, threat and vulnerability management, and product security teams, and the challenges they face in large enterprise environments
- Proficiency in vulnerability scanning tools and techniques as well as static and dynamic testing
- Understanding of industry standards such as NIST CSF, ISO 27001, CIS, Cyber Kill Chain, CVE/CVSS, SBOMs, MITRE ATT&CK
- Effective communication and ability to work across departments – you will need to build trust with peers and at the executive level while skillfully navigating organizational dynamics
- A hands-on, teamwork-oriented approach, focused on building consensus and managing through influence
We’d love to see:
- Experience integrating with and securing a combination of in-house developed and third-party solutions spanning on-prem and public cloud, and making build versus buy decisions
- Familiarity with data science/analytics, and their application to security
- Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports
- Ability to work with minimal supervision and to divide focus among many different projects
Salary Range = 240000 - 330000 USD Annually + Benefits + Bonus
The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.
We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation, [Exempt roles only], paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.
Categories:
Architecture Jobs
Leadership Jobs
Tags: Analytics Automation CISO Cloud CVSS Cyber Kill Chain ISO 27001 MITRE ATT&CK NIST Product security SOC Vulnerability management
Perks/benefits: 401(k) matching Career development Flex vacation Health care Insurance
Region:
North America
Country:
United States