What are the responsibilities and job description for the Security Architect - Vulnerability Management - CTO Office position at Bloomberg?
Job Details
Bloomberg's Office of the CTO is the forward-looking technical arm of Bloomberg L.P. We envision the future of Bloomberg's business, and work to determine how technology helps achieve that vision. Above all else, we are passionate about what we do.
The Security Services Architecture team, part of the CTO Infrastructure group, solves complex security problems and prototypes the next generation of infrastructure security technologies. Whether we're designing novel security controls or threat modeling our distributed systems, our goal is to define the future of how we secure Bloomberg's infrastructure.
As a CTO Security Architect, your leadership skills will influence the roadmap for future security technologies, while working alongside motivated engineers across the company to keep Bloomberg at the cutting edge. Our team works across many areas of security architecture, and you will have the opportunity to focus on the projects you are passionate about and bring your expertise to help reach our team's goals.
The role:
Our team focuses on operational security at Bloomberg. We have a holistic view of the security operations landscape, from triage to threat and vulnerability management (TVM), product security testing, and beyond. We are continuously upleveling on key capabilities and championing the use of automation and analytics to remain ahead of our adversaries. You'll work with our stakeholders to define roadmaps, support building and refining tools, and introduce technologies and methodologies to fulfill our mission. This is a high-leverage role in a cross-functional environment, so you'll need to be comfortable wearing many hats and balancing security expertise with business acumen.
We'll trust you to:
- Develop a deep understanding of the workflows and technical requirements of our TVM and product security teams
- Contribute to the long-term vision for TVM and product security at Bloomberg and take a leadership role in delivering on that vision
- Collaborate with partners in our CISO's office and Engineering to develop and maintain program roadmaps; coordinate quarterly goal planning across these parties
- Research emerging technologies and monitor the security tooling marketplace to help us maintain cutting-edge capabilities
- Identify process improvements and implement prevention strategies to mitigate operational risk in close partnership with engineering teams and security architects
- Oversee security vendor partners for services such as vulnerability scanning, software testing, inventory tracking, and security posture management
You'll need to have:
- 5 years of experience designing, building, and managing operational security programs and tooling, ideally related to TVM and/or product security functions
- Understanding of the day-to-day functions of the security operations center, TVM, and product security teams, and the challenges they face in large enterprise environments
- Proficiency in vulnerability scanning tools and techniques as well as static and dynamic testing
- Understanding of industry standards such as NIST CSF, ISO 27001, CIS, Cyber Kill Chain, CVE/CVSS, SBOMs, MITRE ATT&CK
- Effective communication and ability to work across departments - you will need to build trust with peers and at the executive level while skillfully navigating organizational dynamics
- A hands-on, teamwork-oriented approach, focused on building consensus and managing through influence
We'd love to see:
- Experience integrating with and securing a combination of in-house developed and third-party solutions spanning on-prem and public cloud, and making build versus buy decisions
- Familiarity with data science/analytics, and their application to security
- Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports
- Ability to work with minimal supervision and to divide focus among many different projects
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.