Security Architect - Vulnerability Management - CTO ...
Bloomberg - New York City, NY
Job Description
Security Architect - Vulnerability Management - CTO Office
Bloomberg

Bloomberg delivers business and markets news, data, analysis, and video to the world, featuring stories from Businessweek and Bloomberg News.

Location: New York
Business Area: Engineering and CTO
Ref #: 10042262

Description & Requirements

Bloomberg's Office of the CTO is the forward-looking technical arm of Bloomberg L.P. We envision the future of Bloomberg's business, and work to determine how technology helps achieve that vision. Above all else, we are passionate about what we do.

The Security Services Architecture team, part of the CTO Infrastructure group, solves complex security problems and prototypes the next generation of infrastructure security technologies. Whether we're designing novel security controls or threat modeling our distributed systems, our goal is to define the future of how we secure Bloomberg's infrastructure.

As a CTO Security Architect, your leadership skills will influence the roadmap for future security technologies, while working alongside motivated engineers across the company to keep Bloomberg at the cutting edge. Our team works across many areas of security architecture, and you will have the opportunity to focus on the projects you are passionate about and bring your expertise to help reach our team's goals.

The role:

Our team focuses on operational security at Bloomberg. We have a holistic view of the security operations landscape, from triage, to threat and vulnerability management, product security testing, and beyond. We are continuously upleveling on key capabilities and championing the use of automation and analytics to remain ahead of our adversaries. You'll work with our stakeholders to define roadmaps, support building and refining tools, and introduce technologies and methodologies to fulfill our mission. This is a high-leverage role in a cross-functional environment, so you'll need to be comfortable wearing many hats and balancing security expertise with business acumen.

We'll trust you to:

- Develop a deep understanding of the workflows and technical requirements of our threat and vulnerability management and product security teams.
- Contribute to the long-term vision for threat and vulnerability management and product security at Bloomberg and take a leadership role in delivering on that vision.
- Collaborate with partners in our CISO's office and Engineering to develop and maintain program roadmaps; coordinate quarterly goal planning across these parties.
- Research emerging technologies and monitor the security tooling marketplace to help us maintain cutting edge capabilities.
- Identify process improvements and implement prevention strategies to mitigate operational risk in close partnership with engineering teams and security architects.
- Oversee security vendor partners for services such as vulnerability scanning, software testing, inventory tracking, and security posture management.

You'll need to have:

- 5+ years of experience designing, building, and managing operational security programs and tooling, ideally related to threat and vulnerability management and/or product security functions.
- Understanding of the day-to-day functions of the security operations center, threat and vulnerability management, and product security teams, and the challenges they face in large enterprise environments.
- Proficiency in vulnerability scanning tools and techniques as well as static and dynamic testing.
- Understanding of industry standards such as NIST CSF, ISO 27001, CIS, Cyber Kill Chain, CVE/CVSS, SBOMs, MITRE ATT&CK.
- Effective communication and ability to work across departments - you will need to build trust with peers and at the executive level while skillfully navigating organizational dynamics.
- A hands-on, teamwork-oriented approach, focused on building consensus and managing through influence.

We'd love to see:

- Experience integrating with and securing a combination of in-house developed and third-party solutions spanning on-prem and public cloud, and making build versus buy decisions.
- Familiarity with data science/analytics, and their application to security.
- Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports.
- Ability to work with minimal supervision and to divide focus among many different projects.

Salary Range: 240,000 - 330,000 USD Annually + Benefits + Bonus

The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.

We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation, paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) + match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.
Created: 2025-03-06