Threat & Vulnerability Web and ASM Analyst
London
Bloomberg
Bloomberg delivers business and markets news, data, analysis, and video to the world, featuring stories from Businessweek and Bloomberg News
Location
London
Business Area
Engineering and CTO
Ref #
10043989
Description & Requirements
Our Team: The Threat and Vulnerability Management Team (TVM) is dedicated to making our systems and technologies as secure as possible. We protect Bloomberg. We partner with internal technical departments to ensure the confidentiality, integrity, and availability of Bloomberg systems and the data we process. We aim to ensure that our clients see us as a trusted partner. We report to the Chief Information Security Office (CISO) who owns the technical aspects of this mission by ensuring Bloomberg products, systems, networks and commercial applications are built and maintained with security in mind.
We work on purpose. Come find yours.
What’s The Role? We are seeking an Information Security Professional to help ensure that our Web Infrastructures are built to defend against the latest threats. You will be responsible for analyzing and assessing vulnerabilities across a wide range of technologies. You'll engage with various technology partners to validate and manage identified vulnerabilities through remediation. You will work directly with other cross-department security engineering and incident response teams to set strategic direction for our enterprise Threat and Vulnerability Management program.
This is a team that drives company-wide initiatives to improve the effectiveness of Bloomberg’s security posture. Analysts in this role must show exemplary judgment in making technical decisions to achieve business goals. You're expected to always demonstrate resilience and navigate difficult situations with composure and tact.
We'll Trust You To:
- Perform Web Security assessments and partner with other security or IT professionals to assess potential impact from vulnerabilities and determine appropriate mitigating controls.
- Participate in the introduction of technologies to improve Threat and Vulnerability Management operations.
- Build strong partnerships with technical teams to promote best practices for managing vulnerabilities across traditional infrastructure and in cloud environments.
- Understand business requirements and work with business partners to define appropriate solutions to meet both security mandates and business needs.
- Help standardize work-flows, processes, procedures and reporting.
- Produce metrics and key performance indicators that demonstrate the effectiveness of the team’s remediation efforts.
- Improve the design and usefulness of our IT Security management tools and solutions.
You’ll Need To Have:
- 5+ years of experience in Web Security, Operations, Engineering or Systems Management.
- Hands-on expertise working with enterprise network architectures, operating systems, system administration or as a security engineer.
- Knowledge of web application security and system hardening best practices; including but not limited to web frameworks, open source technologies and software development life cycle (SDLC) processes.
- Experience working with scripting languages like Python to ingest and process data.
- Strong understanding of web application security threats, vulnerabilities, countermeasures including the use of Defensive Headers and Transport Layer Security (TLS).
- Strong understanding of domain name services (DNS), including threats related to the misconfiguration of DNS records.
- Experience analyzing vulnerability findings from IT and security tools.
- An understanding of information security standards and best practices such as OWASP, NIST, CVE, CPE and CVSS.
- Ability to interpret complex data sets to make informed risk-based decisions.
- Can effectively manage complex tasks, projects, and initiatives.
- Strong written and verbal communication skills.
We'd love to see:
- Experience with reputational scoring services such as Bitsight, Security Scorecard or Panorays.
- Experience using attack surface management (ASM) and attack surface discovery (ASD) solutions.
- Experience using web application testing tools and commercial scanners (e.g., Burp Suite, Edgescan, InsightAppsec).
- Experience using Application Programming Interfaces.
- Understanding of virtualization and public cloud tech stacks.
- Ability to learn and implement technologies quickly.
- A bachelor's degree in Computer Science, Engineering, or other related fields.
- One or more Information Security oriented professional certifications.
Categories:
Analyst Jobs
Threat Intel Jobs
Tags: Application security ASM Burp Suite CISO Cloud Computer Science CVSS DNS Incident response NIST Open Source OWASP Python Scripting SDLC Security assessment TLS Vulnerabilities Vulnerability management Web application testing
Region:
Europe
Country:
United Kingdom