Threat Intel Lead

Careers at Bloomberg

New York

Posted Dec 2, 2016 - Requisition No. 55984

We protect Bloomberg.

Bloomberg's Chief Information Security Office (CISO) is seeking a passionate, experienced and motivated cyber security threat intelligence lead to help protect the organization and our constituents. Working within our Cyber Security Operations Center (CSOC), you will be part of our front line of defense by ensuring the threat intelligence information that directly influences our monitoring & response is well maintained, relevant and provides value to our program. Ideal candidates will deeply understand the current security threat landscape and work as a matrix leader across all three tiers of our CSOC program providing oversight and direction to team members who directly contribute to the threat intelligence program. Additionally, this role will assist in the coordination of response to notable cyber security investigations - working directly with our Cyber Security Incident Response Team (CIRT), Threat Analysis Team and others. This function is a key pillar of Bloomberg's cyber security program and will regularly liaise with senior leadership.

You'll need to be able to:

  • Work with the heads of the Cyber Security Operations Centers and Computer Incident Response Team to develop the overall strategy for Bloomberg's Threat Intelligence Program
  • Provide regular threat intelligence briefings (written and/or verbal) to senior management
  • Identify threat scenarios applicable to Bloomberg and build threat models that highlight new alerting opportunities
  • Oversee the successful delivery of new security alerts, working with members of the CSOC
  • Continually assess threat intelligence needs and suppliers against projected organizational requirements
  • Maintain relationships with all threat intelligence suppliers to facilitate fluid information exchange
  • Maximize return on investment with our suppliers through ongoing negotiations and relationship management
  • Work directly with our third level CIRT Team ensuring threat intelligence requirements are instrumented correctly within our monitoring tool-sets - up front and also through continual quality control
  • Assist CIRT engineers in the ongoing development of cyber defense tools, procedures, tuning and new detection capabilities
  • Contribute to our security metrics program by measuring the impact of security intelligence
  • May lead or participate in new technology reviews / POCs related to Cyber Threat Intelligence
  • Provide actionable intelligence to hunt teams to influence priorities and also participate in hunting activities as needed
  • Regularly meet with trusted industry partners and participate in the responsible sharing of threat information
  • Continuously track relevant threat actors and re-evaluate observed tactics, techniques and procedures to determine if our approach needs to be altered
  • As part of incident response, assist in the determination of severity and impact for any realized event and directly coordinate response activities for High or Medium severity incidents
  • Get involved in the creation of any required post mortem documentation / reports and provide recommendations for improvements to any of our defenses
  • Establish and maintain strong working relationships with peers to ensure threat intelligence information is being used effectively within network and end point preventive controls
  • Become intimately familiar with Bloomberg’s complex network and applications as a means to identify new threat models
  • May be asked to field critical issues after hours to further investigate and analyze issues observed by our 24x7 Tier 1 staff
  • Perform other related duties and projects as required to further enhance our threat intelligence capabilities

You need to have:

  • 7+ years' experience within a cyber security program with a focus on threat intelligence
  • Expert level understanding of common exploitation tools, tactics, procedures and remediation of malware
  • Strong and direct experiences working within threat intelligence sharing communities
  • Deep understanding of enterprise defense systems, such as NIDS, HIDS, SIEMs, web proxies, A/V
  • Very strong written and verbal communications skills - able to present to all levels
  • Strong understanding of and experience using Splunk
  • Capable of quickly learning new technical skills
  • Demonstrated expertise with threat hunting and threat modeling
  • Strong with all Microsoft Office solutions
  • Strong understanding of:
    • Middle-ware web services (IIS, Apache)
    • Databases (MS SQL, Oracle, DB2)
    • Network routing protocols & TCP/IP
    • Windows, Linux and Mac operating systems
    • Routers, firewalls, switches, network transport and application protocols
  • Familiarity with Active Directory and its related security controls

We would love to see:

  • Bachelor's or Master's degree in computer science or a related field
  • Experience working with penetration testing tools and techniques
  • Experience with analyzing large data sets and intrusion detection systems
  • Direct experience working in a larger security operations center within the financial or media industries
  • Relevant certifications such as GCIH, GPEN, CEH, CISSP
  • Moderate coding / scripting experience in one or more general purpose languages such as Python or R
  • Working experience with and/or deploying honeypots / honeynets
  • Experience with data analysis or machine learning is a plus

If this sounds like you: Apply! If we believe you're a good match, we'll get in touch with you to let you know the next steps.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.