Security Engineer - Threat Detection
New York, NY
Posted Jun 5, 2019 - Requisition No. 75435
We protect Bloomberg.
The Cyber Security Operations Center (CSOC) works to understand the cyber threats we face as an organization, develops instrumentation for detection and monitors events 24x7 looking for suspicious activity. If an incident is confirmed, our goal is to respond effectively to reach the best outcome in a timely manner ensuring appropriate stakeholders are involved as required. We report into the CISO, but work closely with Engineering, Legal, Compliance and many others across the organization to help unify security event management and incident response. Our colleagues depend on us to be incident response pros that have a deep understanding of IT networks and systems. On any given day we analyze cyber security events, hunt for suspicious activity, research and disseminate threat intelligence, create / improve detection rules and create / automate response procedures.
What’s the Role:
As a CIRT Security Engineer within the CSOC, you’ll be responsible for the development of new methods and tools to detect suspicious and malicious events occurring on our networks and systems. This involves the analysis of raw security events and data emitted from various host and network sensors in our environment. You will also be expected to analyze new threat intelligence reports for use in threat hunting and new detection efforts and respond to incidents providing expert level analysis of file, host, and network artifacts.
You’ll need to have:
- A passion for exploring and parsing data; analyzing and developing new methods to detect the latest attack techniques and tactics used by adversaries.
- Prior experience creating and refining detection rules leveraging enterprise search products
- The desire to analyze threat intelligence to extract TTPs and Indicators and leverage them in new detection and hunting efforts.
- Previous experience with deep file, host, or network level analysis.
- A solid understanding of Windows, Linux, and Mac operating systems.
- Previous experience with enterprise search technologies such as Splunk and Elastic Stack (ELK)
- Experience with scripting and automation (Python preferred) and working with data formats such as JSON and XML.
We’d Love To See:
- Deep knowledge of Enterprise network and host security controls and detection techniques.
- A background in attacker tools and techniques leveraged against enterprise environments.
- Experience performing malware analysis and/or protocol analysis
- Prior experience performing threat hunting operations
- Prior experience with in Red Team/Blue Team and/or Purple Team exercises.
- Experience with Endpoint Detection and Response (EDR) tools e.g. osquery, sysmon, Carbon Black, Tanium, Falcon, etc.
- Experience with Network IDS, protocols, filtering and packet capture devices e.g. Snort, Suricata, NetWitness, Bro, etc.
- Familiarity with development processes and environment tools such as Git, Jira, Jupyter hub/notebooks.
What’s It Like To Work Here?
We work hard. We are ambitious and set ourselves tough business goals. We are a meritocracy, where everyone has a voice - not a job title. Working with people you trust, respect, and can collaborate with is more important than titles or position. Things move fast, and we want people who will enjoy working in this environment and feed off the energy. That being said, it isn’t all about work. Giving back is one of our core values, and there are many ways to get involved in philanthropic initiatives, from helping local school kids with their reading, to helping clean up local parks and waterways.
If This Sounds Like You:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this:
Bloomberg is an equal opportunities employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.