New York, NY
Posted Jun 20, 2019 - Requisition No. 75699
We protect Bloomberg.
The Cyber Security Operations Center (CSOC) works to understand the cyber threats we face as an organization, develops instrumentation for detection and monitors events 24x7 looking for suspicious activity. The Log Management & Solution Engineering team is part of the CSOC. Our team goals are to ensure the CSOC has relevant data and tools to detect, investigate and respond to incidents without delay. We engage closely with Engineering and many others across the organization to identify security-relevant data sources and then work with data owners to bring their information into our security monitoring environment. On any given day we dig into security logs, architect data ingestion pipelines, research new security alert ideas, maintain hardware and software infrastructure and create automation to make the machines run. We also help drive Proof of Concept (POC) testing and implementation of new commercial technologies for the CSOC. We are responsible for the maintenance and enhancement of certain insider threat rules / policies including those used for detecting data loss.
What's The Role:
As a Security Engineer you will be responsible for our security tools and the event log pipeline and ensuring that the Security Operation Center Analysts have the proper data and technology to make critical security decisions. Your primary responsibility will be to build and maintain infrastructure, data and monitoring systems, including rules and policies that the CSOC relies on to carry out their mission. You will work to support the existing infrastructure of systems and tools, develop new security monitoring solutions and collaborate across the organization to enhance coverage, visibility and bring on new data for security monitoring.
You'll Need To Have:
- Proven track record deploying and managing commercial and open-source solutions
- Log management and SIEM products: Splunk, ElasticSearch, Humio, etc
- Infrastructure: VMVare, Docker, Linux, Windows
- Databases: MySQL, MongoDB
- Monitoring and automation: Nagios, Ansible
- Experience with security, infrastructure and network logs across various platforms and operating systems
- Knowledge of commercial DLP solutions and demonstrated ability to craft rules/policies
- Familiarity with log transport mechanisms including various flavors of syslog, Kafka, Logstash, etc
- Understanding of security principles, threats and attacks
We'd Love To See:
- Experience researching, developing, and testing detection criteria using data sources from multiple platforms including: Windows, Linux/Unix, Network devices, etc.
- Familiarity with security options available from Cloud service providers including IaaS and SaaS offerings
- Experience working in a Cyber Security Operations Center setting where you have gained familiarity with standard work flows
- Experience working with security related data sources such as Firewalls, Intrusion Detection, Malware Detection, etc…
What’s It Like To Work Here?
We work hard. We are ambitious and set ourselves tough business goals. We are a meritocracy, where everyone has a voice - not a job title. Working with people you trust, respect, and can collaborate with is more important than titles or position. Things move fast, and we want people who will enjoy working in this environment and feed off the energy. That being said, it isn’t all about work. Giving back is one of our core values, and there are many ways to get involved in philanthropic initiatives, from helping local school kids with their reading, to helping clean up local parks and waterways.
If This Sounds Like You:
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this:
Bloomberg is an equal opportunities employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.