Infrastructure Security Architect - Secret & Identity Management (CTO Office)
New York, NY
Posted Jan 15, 2020 - Requisition No. 80754
The Bloomberg CTO Office is the future-looking technical arm of Bloomberg L.P. We envision, design and prototype the next generation infrastructure, hardware and applications that interface in all aspects of the company including financial products, broadcast and media, data centers, internal IT and our global network. We are passionate about what we do.
As a member of the Security Analytics and Identity Architecture team, you will help design ways to securely identify services in a variety of environments, ranging from public cloud through to private data centers. You will also address challenges around secret management and how services in a variety of environments can manage and verify identities, while containing impact in the event of compromise. You will develop a strategy for an internal public key infrastructure, focusing on making these technologies standards-driven, interoperable and accessible to engineers across the firm.
What's in it for you:
Our team focuses on the critical aspects necessary to securely bring Bloomberg's services to hundreds of thousands of customers every day. Working with multiple internal teams and external partners, you'll design, develop, and improve Bloomberg's customer-facing security services, supporting engineers rapidly delivering new products in a variety of infrastructure environments. You will influence the selection of technologies used to build BeyondProd and similar kinds of zero-trust infrastructure.
We'll trust you to:
- Take a technical leadership role in defining strategies for service and user identity management
- Foster developing technology to make cryptographic primitives and secret management technologies available to our engineers
- Help build out our technical product road map and define best practices for these technologies, working with partners in our CISO’s office as well as in Engineering
- Identify security vulnerabilities, guiding developers and engineers in addressing these issues
- Provide requirements to both internal development teams and external vendors, and foster a culture of security consciousness across Engineering and Product teams
You'll need to have:
- 5+ years of experience developing and deploying security-related infrastructure technologies
- Understanding of cryptographic protocols and trade-offs that need to be made in various environments
- Understanding of HashiCorp Vault, AWS Secrets Manager, Azure Key Vault and other secret management technologies, both for public cloud and on-premise applications
- A strong UNIX systems background
- A hands-on, teamwork-oriented approach, focused on building consensus and managing through influence
We'd love to see:
- Understanding of the challenges of operating trusted infrastructure in public cloud environments, as well as on-premises
- Practical experience with cryptography and key management, as well as understanding threats facing embedded device security
- Experience managing secret key material in HSMs, when appropriate
- Exposure to technologies like SPIFFE, OPA and some of the fledgling implementations of these technologies