Senior Cloud Security and Vulnerability Analyst

Details

The Threat and Vulnerability Management (TVM) team is dedicated to making systems and technologies as secure as possible. The team partners with internal technical departments to ensure the confidentiality, integrity, and availability of Bloomberg systems and the data processed. The role reports to the Chief Information Security Office (CISO) and focuses on ensuring Bloomberg products, systems, networks and commercial applications are built and maintained securely.

Responsibilities

• Perform IT security assessments and partner with other security or IT professionals to assess potential impact from vulnerabilities and determine appropriate mitigating controls.
• Build strong partnerships with technical teams to promote best practices for managing vulnerabilities; initiate and track remediation through to completion.
• Understand business requirements and work with business partners to define appropriate solutions that meet both security mandates and business needs.
• Help standardize workflows, processes, procedures and reporting for the TVM program.
• Partner with Cloud Engineering teams to establish security baselines and best practices.
• Provide security guidance to Cloud Engineering teams encompassing perimeter, misconfigurations, asset visibility, policies, containers, patching cadence, and vulnerability scanning.
• Produce metrics and key performance indicators that demonstrate the effectiveness of remediation efforts.
• Improve the design and usefulness of IT security management tools and solutions.
• Work directly with security engineering and incident response teams to set strategic direction for the enterprise Threat and Vulnerability Management program.

Requirements

• Solid knowledge of cloud security and ability to rate vulnerabilities appropriately in the context of the infrastructure and application stack.
• 10+ years of proven IT operations, systems management, or IT security related experience.
• Hands-on expertise working with enterprise and cloud architectures.
• Understanding of Linux and Windows operating systems, system administration and engineering.
• Knowledge of IT security and system hardening best practices.
• Solid understanding of public cloud infrastructure concepts and terminologies.
• Experience analyzing vulnerability findings from IT and security management tools.
• Understanding of industry security standards such as CVE, CPE, CVSS and NIST.
• Ability to interpret complex data sets to make informed risk-based decisions.
• Strong organizational skills and ability to effectively manage complex tasks, projects, and agile frameworks.
• Excellent interpersonal and effective communication skills.

Preferred

• AWS / Azure Solutions Architect (highly preferred).
• Certified Cloud Security Professional (CCSP) is a plus.
• Experience building cloud resources and hardening them to CIS standards.
• SCRUM Master Certification or PMP certification.
• Solid understanding of risk management frameworks and security tools.
• Bachelor's degree in Computer Science, Engineering, or related fields.

Benefits

The company offers a comprehensive benefits plan that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) with match, life insurance, and various wellness programs. The company does not provide benefits directly to contingent workers/contractors and interns.

Salary

Salary Range: 195,000 - 240,000 USD Annual + Benefits + Bonus