Sr. Security Engineer
New York, NY
Posted Jun 23, 2011 - Requisition No. 30457
The Company
Bloomberg, the global business and financial information and news leader, gives influential decision makers a critical edge by connecting them to a dynamic network of information, people and ideas. The company's strengths delivering data, news and analytics through innovative technology, quickly and accurately - is at the core of the Bloomberg Professional service, which provides real time financial information to more than 300,000 subscribers globally.
Bloomberg's enterprise solutions build on the company's core strength, leveraging technology to allow customers to access, integrate, distribute and manage data and information across organizations more efficiently and effectively. Through Bloomberg Law, Bloomberg Government and Bloomberg New Energy Finance, the company provides data, news and analytics to decision makers in industries beyond finance. And Bloomberg News, delivered through television, radio, mobile, the Internet and two magazines, Bloomberg Businessweek and Bloomberg Markets, covers the world with more than 2,300 news and multimedia professionals at 146 bureaus in 72 countries. Headquartered in New York, Bloomberg employs more than 13,000 people in 185 locations around the world.
The Role
Bloomberg needs a versatile security professional with expertise in Windows or UNIX and a practical understanding of real world hacking
Responsibilities Include:
- Examine platforms and technologies for exploitable vulnerabilities using dynamic and static analysis
- Prove exploitability of suspected vulnerabilities
- Provide design and architecture recommendations to a wide array of product teams and network engineers
- Consult teams on best practices for creating secure applications
- Perform web application penetration testing
Qualifications:
- At least 3 years of proven success in vulnerability analysis or penetration Testing
- Expert knowledge of at least one operating system (Windows, Linux, HP-UX, AIX, etc.)
- Strong skills in at least one programming language and one scripting language
- Strong skills in TCP/IP networking and network security
- Ability to develop and use effective custom penetration testing tools and other security related tools
Preferred:
- Experience with at least one dialect of assembly language
- Experience developing exploit code
- Expert knowledge in both Windows and UNIX operating systems
- No experience with XSS
Formal education in computer science, network engineering or similar fields is helpful but not required.