Senior IT Security & Vulnerability Analyst
New York
Full Time Senior-level / Expert USD 195K - 240K
Bloomberg
Bloomberg delivers business and markets news, data, analysis, and video to the world, featuring stories from Businessweek and Bloomberg News
Senior IT Security & Vulnerability Analyst
Location
New York
Business Area
Engineering and CTO
Ref #
10043772
We report to the Chief Information Security Office (CISO) who owns the technical aspects of this mission by ensuring Bloomberg products, systems, networks and commercial applications are built and maintained with security in mind.
We work on purpose. Come find yours.
What’s The Role? We are seeking an IT Security Analyst to help ensure that our IT infrastructure and security processes are resilient against the latest threats. You will be responsible for analyzing and assessing vulnerabilities across a wide range of technologies. You'll engage with various technology partners to validate and manage identified vulnerabilities through remediation. You will work directly with other cross-department security engineering and incident response teams to set strategic direction for our enterprise Threat and Vulnerability Management program.
This is a team that drives company-wide initiatives to improve the effectiveness of Bloomberg’s security posture. Analysts in this role must show exemplary judgment in making technical decisions to achieve business goals. You're expected to always demonstrate resilience and navigate difficult situations with composure and tact.
We'll Trust You To: - Perform IT Security assessments and partner with other security or IT professionals to assess potential impact from vulnerabilities and determine appropriate mitigating controls - Build strong partnerships with technical teams to promote best practices for managing vulnerabilities across traditional infrastructure and in cloud environments - Understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs - Help standardize workflows, processes, procedures and reporting - Produce metrics and key performance indicators that demonstrate the effectiveness of the team's remediation efforts across the enterprise - Improve the design and usefulness of our IT Security management tools and solutions. - Have excellent interpersonal and effective communications skills
You’ll Need to Have: - 7+ years IT Security experience including IT Operations & Systems Management - Operation vulnerability scan tools (ie: Rapid7, Qualys, Nessus, Nmap) - Hands-on expertise working with enterprise network architectures, Linux and Windows OS, system administration or as a software developer - Knowledge of IT security and system hardening best practices; including but not limited to operating systems (Windows, Unix, Linux), web applications, network devices and SDLC processes - Vulnerability Management of Regulated Systems - Experience analyzing vulnerability findings from IT and Security management tools - Understanding of industry standards such as NIST, CVE, CPE and CVSS - Ability to interpret complex data sets to make informed risk-based decisions - Can effectively manage complex tasks, projects, and initiatives
We'd love to see: - Solid understanding of Risk management frameworks and security tools - SCRUM Master Certification / PMP Certified - Experience with hardening TLS & SSH configurations across Web Servers, Databases and APIs. - Understanding in patching 3rd Party software and its prerequisites such as Apache HTTPD, CI/CD tools, Relational Databases (MySQL, PostGres), etc. - Ability to learn and implement technologies quickly - A Bachelor's degree in Computer Science, Engineering, or other related fields Salary Range = 195000 - 240000 USD Annually + Benefits + Bonus
The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.
We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation, [Exempt roles only], paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.
Description & Requirements
Our Team: The Threat and Vulnerability Management Team (TVM) is dedicated to making our systems and technologies as secure as possible. We protect Bloomberg. We partner with internal technical departments to ensure the confidentiality, integrity, and availability of Bloomberg systems and the data we process. We aim to ensure that our clients see us as a trusted partner.We report to the Chief Information Security Office (CISO) who owns the technical aspects of this mission by ensuring Bloomberg products, systems, networks and commercial applications are built and maintained with security in mind.
We work on purpose. Come find yours.
What’s The Role? We are seeking an IT Security Analyst to help ensure that our IT infrastructure and security processes are resilient against the latest threats. You will be responsible for analyzing and assessing vulnerabilities across a wide range of technologies. You'll engage with various technology partners to validate and manage identified vulnerabilities through remediation. You will work directly with other cross-department security engineering and incident response teams to set strategic direction for our enterprise Threat and Vulnerability Management program.
This is a team that drives company-wide initiatives to improve the effectiveness of Bloomberg’s security posture. Analysts in this role must show exemplary judgment in making technical decisions to achieve business goals. You're expected to always demonstrate resilience and navigate difficult situations with composure and tact.
We'll Trust You To: - Perform IT Security assessments and partner with other security or IT professionals to assess potential impact from vulnerabilities and determine appropriate mitigating controls - Build strong partnerships with technical teams to promote best practices for managing vulnerabilities across traditional infrastructure and in cloud environments - Understand business requirements and work with business partners to define appropriate solutions; meeting both security mandates and business needs - Help standardize workflows, processes, procedures and reporting - Produce metrics and key performance indicators that demonstrate the effectiveness of the team's remediation efforts across the enterprise - Improve the design and usefulness of our IT Security management tools and solutions. - Have excellent interpersonal and effective communications skills
You’ll Need to Have: - 7+ years IT Security experience including IT Operations & Systems Management - Operation vulnerability scan tools (ie: Rapid7, Qualys, Nessus, Nmap) - Hands-on expertise working with enterprise network architectures, Linux and Windows OS, system administration or as a software developer - Knowledge of IT security and system hardening best practices; including but not limited to operating systems (Windows, Unix, Linux), web applications, network devices and SDLC processes - Vulnerability Management of Regulated Systems - Experience analyzing vulnerability findings from IT and Security management tools - Understanding of industry standards such as NIST, CVE, CPE and CVSS - Ability to interpret complex data sets to make informed risk-based decisions - Can effectively manage complex tasks, projects, and initiatives
We'd love to see: - Solid understanding of Risk management frameworks and security tools - SCRUM Master Certification / PMP Certified - Experience with hardening TLS & SSH configurations across Web Servers, Databases and APIs. - Understanding in patching 3rd Party software and its prerequisites such as Apache HTTPD, CI/CD tools, Relational Databases (MySQL, PostGres), etc. - Ability to learn and implement technologies quickly - A Bachelor's degree in Computer Science, Engineering, or other related fields Salary Range = 195000 - 240000 USD Annually + Benefits + Bonus
The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.
We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation, [Exempt roles only], paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.
Job stats:
3
0
0
Category:
Analyst Jobs
Tags: APIs CI/CD CISO Cloud Computer Science CVSS Incident response IT infrastructure Linux MySQL Nessus NIST Nmap PostgreSQL Qualys RDBMS Risk management Scrum SDLC Security assessment SSH TLS UNIX Vulnerabilities Vulnerability management Windows
Perks/benefits: 401(k) matching Flex vacation Health care Insurance Wellness
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Senior Cybersecurity Engineer jobsSystems Engineer jobsSenior Security Analyst jobsSenior Cloud Security Engineer jobsSystems Administrator jobsCybersecurity Editor jobsCybersecurity Content Editor jobsSenior Information Security Analyst jobsInformation Security Manager jobsCyber Security Specialist jobsSenior Network Security Engineer jobsIT Security Analyst jobsChief Information Security Officer jobsSenior Information Security Engineer jobsSecurity Consultant jobsInformation System Security Officer (ISSO) jobsSecurity Specialist jobsIT Security Engineer jobsSenior Product Security Engineer jobsInformation Systems Security Engineer jobsCyber Threat Intelligence Analyst jobsSenior Cyber Security Engineer jobsSenior Software Engineer jobsSecurity Operations Analyst jobsCyber Security Architect jobs
Encryption jobsJava jobsBash jobsTS/SCI jobsCEH jobsThreat detection jobsTop Secret jobsTerraform jobsSplunk jobsSDLC jobsRMF jobsMalware jobsSQL jobsSOC 2 jobsIDS jobsIPS jobsDocker jobsFinance jobsCompTIA jobsActive Directory jobsForensics jobsITIL jobsOWASP jobsIntrusion detection jobsVPN jobs
Ansible jobsGIAC jobsHIPAA jobsIT infrastructure jobsCRISC jobsTCP/IP jobsDoDD 8570 jobsClearance Required jobsOSCP jobsZero Trust jobsCCSP jobsDNS jobsMITRE ATT&CK jobsData Analytics jobsJira jobsSOX jobsIndustrial jobsJavaScript jobsCISO jobsNIST 800-53 jobsMachine Learning jobsArtificial Intelligence jobsBanking jobsSOAR jobsUNIX jobs