Senior Software Engineer/SRE - Security Detection and Analytics Engineering
New York, NY
Posted Apr 27, 2023 - Requisition No. 115886
The Security Detection and Analytics Engineering (SDAE) team is the dedicated security engineering team for Bloomberg's Computer Incident Response team (CIRT) and Cyber Security Operations Center (CSOC) which falls under the Chief Information Security Office (CISO).
There is a separate SDAE development team that builds full stack software, leverages open source technologies, and connects with vendor appliances and APIs. We are in charge of management, provisioning, capacity, monitoring, and alarming of the infrastructure-as-a-service provided for the CSOC. We also oversees ingestion of, and analytics on, a wide variety of datasets critical for maintaining the security posture of the company.
We are part of a wider Platform Security group, which in partnership with Bloomberg’s Security Architecture and Information Security operations teams, designs, develops and deploys security products and solutions internally! The goal of the wider group is to enable application teams to deliver secure products to our clients, supporting our operational security teams in detection and analysis of unusual behaviors, supporting response if necessary, and enabling workplace agility without compromising security.
We are an open source first team, favoring open standards where possible, and building on open source technology where available. Our products are built using a variety of frameworks, programming languages and technology stacks. Many members of our team are active open source contributors, looking to give back to these communities, wherever possible.
You can read more about some of our projects and responsibilities at https://bburl/SDAE.
- Ensure the stability of the existing infrastructure while working on the next generation of infrastructure as a service
- Deploy large scale visibility tools across hosts and networks
- Work with heterogeneous systems including but not limited to servers, databases, security appliances and software to ensure high availability of all applications and infrastructure as a service
- Build automated deployment pipelines, monitoring and failover
- Continuously re-evaluate, automate and modernize applications and infrastructure to meet the latest security, industry and company-wide standards
- Support custom in-house applications, open source and commercial tools
- Integrate with a mix of on-premises and public cloud applications to provide security visibility wherever necessary
We'll trust you to:
- Help apply SRE standard methodologies to our solutions
- Engineer solutions to monitor the health, availability, and capacity of our environment
- Use automation to bring scalability and efficiency to our systems
- Maintain monitoring of our systems and provide solutions that can react to those alarms to minimize client impact and manual intervention
- Assist in architecting large-scale secure solutions for our teams products
- Define service level objectives and appropriate metrics to measure our performance against those objectives
- Automate the configuration and management of infrastructure and applications with modern orchestration tools
- Fix applications, networks, and operating systems
- Write software in languages such as Python to automate tasks and interact with APIs
- Assist our dedicated development team with CI/CD pipelines
- Work with internally developed, open source and commercial security applications and appliances
You'll need to have:
- 4+ years of experience in a software engineer or SRE role with programming experience with an object oriented language (Python, Golang, or Similar)
- A Degree in Computer Science, Engineering, Mathematics, similar field of study or equivalent work experience
- Solid knowledge of networking: Understanding of TCP/IP, OSI model and common protocols. Ability to solve network issues
- Orchestration and Automation Frameworks: Ansible, Chef, Puppet, Salt
- Familiarity with logging and metrics: Splunk, Crowdstrike Falcon Logscale ElasticSearch, Grafana
We'd love to see:
- Experience with continuous integration and deployment tools
- Experience with Kubernetes
- System administration knowledge: OS and service administration and hardening (HTTP, DNS, NTP, SMTP, Active Directory, LDAP and other common services) for the purposes of integration, automation, and troubleshooting
If this sounds like you, apply!
Bloomberg is an equal opportunity employer, and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy, parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.
Bloomberg is a disability inclusive employer. Please let us know if you require any reasonable adjustments to be made for the recruitment process. If you would prefer to discuss this confidentially, please email Amer_recruit@bloomberg.net
The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation [Exempt roles only], paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.
Salary Range: 160,000 - 240,000 USD Annually + Benefits + Bonus