CSOC - Detection & Response Team Leader
New York, NY
Posted May 6, 2021 - Requisition No. 90595
We protect Bloomberg
The Cyber Security Operations Center (CSOC) works to understand the threats Bloomberg and its subsidiaries face and drives the adoption of technologies used for detection, response and monitoring. We proactively learn from these threats and build detections and contextual understanding into a globally distributed program that looks after security events 24x7x365. We strive to monitor meaningful events, respond quickly, and with high quality. If an Incident occurs, we are prepared to engage appropriate stakeholders and take action as needed. The CSOC department is part of the CISO organization and works closely with Engineering, Corporate Security, Legal, Compliance, CTO, Investigations and many others to help unify security event monitoring, cyber threat intelligence (CTI) and incident response (IR) activities. Our colleagues depend on us to be IR & CTI pros that have a deep understanding of IT networks, systems and applications. On any given day, the department may analyze security events, hunt for suspicious activity, research and disseminate threat intelligence products, identify detection opportunities, enhance procedures, respond to potential security incidents, drive prioritization for and test our tooling and/or train analysts.
In this role as team lead for our Detection & Response program, we trust you to:
Manage a team of highly skilled and experienced security analysts who focus primarily on security monitoring technology improvements & adoption, incident response and the development of detections. You will work closely and routinely with senior staff and leaders within the CSOC program including our leaders of Triage, Program Assurance, Threat Intelligence & Hunting. You will also regularly collaborate with other leaders across the CISO, CTO, IT, Risk and Engineering Departments to drive projects forward and make critical decisions that directly influence Bloomberg’s cyber defense posture. We will be looking for you to clearly set requirements for technology initiatives while also setting their prioritization. Your counterparts in Engineering will be looking for you to directly influence a large scope of work but also have your team participate, test and provide feedback for the products that are delivered to you.
You will be expected to:
- Lead the technical response to escalated security events and incidents with a strong ability to scope the entirety of the situation, collect relevant artifacts and deliver a confident assessment of the team's findings when all investigative leads have been exhausted
- Directly lead the containment and eradication phase(s) of cyber security incident response while involving appropriate stakeholders to further manage recovery, communications and post mortem
- Identify, test and lead the adoption of automation technologies that will improve our detections and workflows while minimizing efforts required to triage and respond to security events
- Perform research and build detections related to externally sourced threats
- Lead your team in structured hunting activities that help provide oversight and assurance to the CSOC monitoring program
- Drive continuous improvement of operational procedures and documentation
- Inspire and motivate a high performing team to achieve great results, while supporting individual growth and development objectives
- Build and drive strategies for your team that align with the department and business goals
- Develop and foster strong partnerships with all department leaders we work with including security leaders from Bloomberg subsidiaries
- Have strong presentation and communications abilities as well as direct experience communicating technical details to a non-technical, technical and/or senior level audience
- Regularly brief senior managers to provide transparency into relevant initiatives in flight, including by creating and having strong command over metrics that measure the success of your program
- Stay well aligned and help drive prioritization for a globally distributed CSOC program that operates across New York, London and Singapore, including participating in some after-hours calls
- Conduct evaluations and have career development conversations with team members
- Coach and mentor junior staff and provide inter-department training sessions
You will need to have:
- Solid experience working in a Cyber Security Operations type environment
- Expert level knowledge of technologies used for security incident detection, response and containment
- Strong understanding of computer networking concepts, including direct experience with Network IDS, protocols, filtering and packet capture devices
- A solid understanding of Windows, Linux, and Mac operating systems
- Extensive experience with log analysis & investigations
- Experience with scripting and automation (Python preferred) and working with data formats such as JSON and XML
- Strong experience with enterprise search technologies such as Splunk, Elastic Stack (ELK) and SIEM platforms
- Previous experience and a passion towards coaching and leading people
- A passion for exploring and parsing data; analyzing and developing new methods to detect the latest attack techniques and tactics used by adversaries
- Demonstrated ability to juggle multiple projects and security investigations simultaneously. Your ability to delegate effectively will be tested in this role
- Experience with deep file, host, or network level analysis; including experience with EDR solutions
- Experience working in a cyber-threat intelligence role to the extent attacker tools and techniques leveraged against enterprise environments are well understood
- 10+ years of experience serving an incident response function
- 5+ years of experience working with tactical cyber threat intelligence
We would love to see:
- Deep knowledge of Enterprise network and host security controls and detection techniques
- Experience performing malware analysis and/or protocol analysis
- Prior experience performing threat hunting operations
- Prior experience with Red Team/Blue Team and/or Purple Team exercises
- Experience working with and/or leading development and/or SRE teams
- Familiarity with development processes and environment tools such as Git, Jira, Jupyter hub/notebooks
- Any of the following certifications: CISSP, CISM, GMON, GCIH or similar
- Bachelor's and/or Master's degree in a related field
What is it like to work here?
We work hard. We are ambitious and set tough business goals for ourselves. We are a meritocracy, where everyone has a voice - not a job title. Working with people you trust, respect, and can collaborate with is more important than titles or position. Things move fast, and we want people who will enjoy working in this environment and feed off the energy. That being said, it is not all about work. Giving back is one of our core values, and there are many ways to get involved in philanthropic initiatives, from helping local school kids with their reading, to helping clean up local parks and waterways.
If This Sounds Like You:
Apply if you think we are a good match. We will get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this:
Bloomberg is the global leader in business and financial data, news and insight. Using the power of technology, we connect the world’s decision makers to accurate information on the financial markets – and help them make faster, smarter decisions.
Bloomberg is an equal opportunities employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.