New York, NY
Posted May 25, 2018 - Requisition No. 67283
We protect Bloomberg.
The Penetration and Security Analysis Team is trusted as an authoritative internal resource for Bloomberg. We put security risks in context in order to help meet business goals. Each of us are specialists in application, network, and data security. On any given day we're performing penetration tests on third party, internal applications, and networks; while evaluating processes, network design, and access controls.
What's The Role:
As a Penetration Tester, you'll be trusted to conduct security assessments from start to finish with minimal assistance. You'll tap into your "security instincts" to breakdown complicated technical issues and the risks they pose to programmers, network engineers, system administrators, and management. You will collaborate with those teams and ensure correct design, development, and implementation of internal and customer facing projects. You will perform active assessments of the Bloomberg DMZ, Bloomberg customer network, and Bloomberg corporate network and developing proof of concept exploit code to demonstrate severity of findings to all of the above. This is automated vulnerability scanner role.
While deep technical skills are critical to success with us, we're also looking for fast learners who are passionate about cyber security and are constantly researching to stay ahead of the newest threats. You should be analytical and love to problem solve. Teamwork is key so it's important you know how to collaborate and be a great teammate.
You'll Need To Have:
- Led and performed penetration testing on large enterprise Windows networks
- Driven the "fix it" phase of penetration testing
- Consistent record of discovering, analyzing and exploiting application vulnerabilities and -mis-configurations on Windows platforms
- Experience assessing and hardening Active Directory and Group Policy along with knowledge of cutting edge security features of Microsoft Windows
- Familiarity with cutting edge trends in vulnerability analysis, exploit development, and vulnerability discovery
- Intimate knowledge of Windows internals, especially those relevant to authentication, access control, and other facets of security
- Ability to read, write, and audit C or C++
- Proficiency in at least one scripting language (bash, perl, python, powershell, etc.)
- Experience with development of custom toolsets when necessary
- Strong Windows system administration and security assessment skills
- Familiarity with historical vulnerabilities in common operating systems (Windows, Solaris, Linux)
- Demonstrable understanding of secure data storage and transport implementations (PGP/SSH/SSL/IPSEC/etc.)
- Familiarity of low level TCP/IP networking and common protocols such as RADIUS, LDAP, KERBEROS, etc.
- Knowledge of secure network design
- Experience analyzing network traffic captures using tools such as tcpdump, wireshark, etc.
We'd Love To See:
- Experience participating as a member of a red team
- Proficiency in using IDA Pro, Ollydbg/Immdbg, Windbg and/or other software analysis/debugging tools
- Proficiency in reading at least one dialect of assembly
- Familiarity with modern malware
What’s It Like To Work Here?
We work hard. We are ambitious and set ourselves tough business goals. We are a meritocracy, where everyone has a voice - not a job title. Working with people you trust, respect, and can collaborate with is more important than titles or position. Things move fast, and we want people who will enjoy working in this environment and feed off the energy. That being said, it isn’t all about work. Giving back is one of our core values, and there are many ways to get involved in philanthropic initiatives, from helping local school kids with their reading, to helping clean up local parks and waterways.
If This Sounds Like You:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this:
Bloomberg is an equal opportunities employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.