Senior Penetration Tester

Careers at Bloomberg

New York

Posted Jun 15, 2016 - Requisition No. 50066

We protect Bloomberg.

The Penetration and Security Analysis Team is trusted as an authoritative internal resource for Bloomberg; we put security risks in context in order to help meet business goals. Each of us are specialists in application, network, and data security. On any given day we're performing pentests on both third party and internal applications and networks or evaluating processes, network design and access controls.

On our team you'll be trusted to conduct a security assessments from start to finish with minimal assistance. You'll tap into your 'security instincts' to breakdown complicated technical issues and the risks they pose to programmers, network engineers, system administrators and management. Through collaboration with those teams you'll ensure correct design, development and implementation of internal and customer facing projects. Performing active assessments of the Bloomberg DMZ, Bloomberg customer network and Bloomberg corporate network and developing proof of concept exploit code to demonstrate severity of findings to all of the above will be second nature to you.

While deep technical skills are critical to success with us we're also looking for fast learners who are passionate about cyber security and are constantly researching to stay ahead of the newest threats. You should be analytical and love to problem solve. Teamwork is key so it's important you know how to collaborate and be a great teammate.

You need to have:

  • Managed and performed penetration testing on large enterprise Windows networks
  • Driven the "fix it" phase of penetration testing
  • Consistent record of discovering, analyzing and exploiting application vulnerabilities and misconfigurations on Windows platforms
  • Experience assessing and hardening Active Directory and Group Policy and knowledge of cutting edge security features of Microsoft Windows
  • Ability to adapt existing exploits or advisories into robust exploits specific to the Bloomberg environment
  • Familiarity with cutting edge trends in vulnerability analysis, exploit development and vulnerability discovery
  • Intimate knowledge of Windows internals, especially those relevant to authentication and access control and other facets of security
  • Ability to read, write, and audit C or C++
  • Proficiency in at least one scripting language (bash, perl, python, powershell, etc.)
  • Experience with development of custom toolsets when necessary
  • Strong Windows system administration and security assessment skills
  • Familiarity with auditing techniques for MSRPC and ActiveX interfaces
  • Familiarity with historical vulnerabilities in common operating systems (Windows, Solaris, Linux)
  • Excellent understanding of secure data storage and transport implementations (PGP/SSH/SSL/IPSEC/etc.)
  • Deep understanding of low level TCP/IP networking and common protocols such as RADIUS, LDAP, KERBEROS, etc.
  • Knowledge of secure network design
  • Experience analyzing network traffic captures using tools such as tcpdump, wireshark, etc.

We'd love to see:

  • Experience participating as a member of a red team
  • Experience working with BMC Bladelogic and HP Openview
  • Proficiency in using IDA Pro, Ollydbg/Immdbg, Windbg and/or other software analysis/debugging tools
  • Proficiency in reading at least one dialect of assembly
  • Familiarity with modern malware
Similar jobs