Senior Penetration Tester

Careers at Bloomberg

New York, NY

Posted Jul 20, 2017 - Requisition No. 59608

We protect Bloomberg.

The Penetration and Security Analysis Team is trusted as an authoritative internal resource for Bloomberg; we put security risks in context in order to help meet business goals. Each of us are specialists in application, network, and data security. On any given day we're performing penetration tests on both third party, internal applications, and networks while evaluating processes, network design and access controls.

You'll be trusted to conduct security assessments from start to finish with minimal assistance. You'll tap into your 'security instincts' to breakdown complicated technical issues and the risks they pose to programmers, network engineers, system administrators and management. Through collaboration with those teams you'll ensure correct design, development and implementation of internal and customer facing projects. Performing active assessments of the Bloomberg DMZ, Bloomberg customer network and Bloomberg corporate network and developing proof of concept exploit code to demonstrate severity of findings to all of the above will be second nature to you.

While deep technical skills are critical to success with us we're also looking for fast learners who are passionate about cyber security and are constantly researching to stay ahead of the newest threats. You should be analytical and love to problem solve. Teamwork is key so it's important you know how to collaborate and be a great teammate.

You need to have:

  • Led and performed penetration testing on large enterprise Windows networks
  • Driven the "fix it" phase of penetration testing
  • Consistent record of discovering, analyzing and exploiting application vulnerabilities and misconfigurations on Windows platforms
  • Experience assessing and hardening Active Directory and Group Policy and knowledge of cutting edge security features of Microsoft Windows
  • Ability to adapt existing exploits or advisories into robust exploits specific to the Bloomberg environment
  • Familiarity with cutting edge trends in vulnerability analysis, exploit development and vulnerability discovery
  • Intimate knowledge of Windows internals, especially those relevant to authentication and access control and other facets of security
  • Ability to read, write, and audit C or C++
  • Proficiency in at least one scripting language (bash, perl, python, powershell, etc.)
  • Experience with development of custom toolsets when necessary
  • Strong Windows system administration and security assessment skills
  • Familiarity with auditing techniques for MSRPC and ActiveX interfaces
  • Familiarity with historical vulnerabilities in common operating systems (Windows, Solaris, Linux)
  • Excellent understanding of secure data storage and transport implementations (PGP/SSH/SSL/IPSEC/etc.)
  • Deep understanding of low level TCP/IP networking and common protocols such as RADIUS, LDAP, KERBEROS, etc.
  • Knowledge of secure network design
  • Experience analyzing network traffic captures using tools such as tcpdump, wireshark, etc.

We'd love to see:

  • Experience participating as a member of a red team
  • Experience working with BMC Bladelogic and HP Openview
  • Proficiency in using IDA Pro, Ollydbg/Immdbg, Windbg and/or other software analysis/debugging tools
  • Proficiency in reading at least one dialect of assembly
  • Familiarity with modern malware

If this sounds like you:Apply! If we think you are a good match we'll get in touch to let you know the next steps.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Similar jobs