Software Security Architect - Security Analytics & Identity Architecture (CTO Office)
New York, NY
Posted Nov 8, 2018 - Requisition No. 71872
The Bloomberg CTO Office is the future-forward technical arm of Bloomberg L.P. We envision, design and prototype the next-generation infrastructure, hardware and applications that interface with all aspects of the company, including financial products, broadcast and media, data centers, internal IT and our global network. We are passionate about what we do.
On the Security Analytics & Identity Architecture team, you will help us design secure communications protocols and approach the challenges of identity management. In this role, you’ll be working to develop a secure user and device identity framework from the ground up. You will develop a coherent strategy for an internal PKI, and focus on making these technologies standards-driven, interoperable and accessible to engineers across the firm.
What's in it for you:
Our team focuses on the critical aspects necessary to securely bring Bloomberg's services to hundreds of thousands of customers every day. Working with multiple internal teams and external partners, you'll design, develop, and improve Bloomberg's customer-facing security services while pushing the envelope of low power usage, high performance, usability, and flexibility.
You will work alongside a security hardware platform that Bloomberg develops in-house. You’ll have an opportunity to work with this technology to support many identity initiatives, and influence its direction to build the best possible client experience.
We'll trust you to:
- Take a leadership role in defining tools, techniques and technologies used to securely authenticate Bloomberg’s users using a variety of factors
- Foster developing technology to make cryptographic primitives and secure key management technologies available to our engineers
- Help build out our technical product road map
- Identify security vulnerabilities and guide developers and engineers in addressing these issues
- Provide requirements and insight to internal development teams and external vendors
- Foster a culture of security consciousness across various teams
You'll need to have:
- 5+ years of experience with designing and implementing cryptographic protocols
- 5+ years of experience dealing with challenges around user, device and authentication in an interoperable way
- Strong understanding of applied cryptography in an enterprise environment
- Strong UNIX background, bonus points if you know how to build your toolchain
We'd love to see:
- Experience designing mutual authentication schemes in bandwidth-constrained environments (i.e. over low-bandwidth links)
- Extensive knowledge of various types of common attacks on cryptographic protocols and how to mitigate them (i.e. through mutual authentication)
- Practical knowledge of attacks against various ciphers (e.g. DPA, SPA)
- Practical experience with cryptography and key management, as well as understanding threats facing embedded device security
- Experience managing secret key material in HSMs, both for short-lived and long-lived credentials
- Experience with TLS internals