Software Security Architect - Security Analytics & Identity Architecture (Cto Office)

Bloomberg New York , NY 10007

Posted 1 week ago

The Bloomberg CTO Office is the future forward technical arm of Bloomberg L.P. We envision, design and prototype the next generation infrastructure, hardware and applications that interface in all aspects of the company including financial products, broadcast and media, data centers, internal IT and our global network. We are passionate about what we do.

On the Security Analytics & Identity Architecture team, you will help us design secure communications protocols and approach the challenges of identity management. In this role, you'll be working to develop a secure user and device identity framework from the ground up. You will develop a coherent strategy for an internal PKI, and focus on making these technologies standards-driven, interoperable and accessible to engineers across the firm.

What's in it for you:

Our team focuses on the critical aspects necessary to securely bring Bloomberg's services to hundreds of thousands of customers every day. Working with multiple internal teams and external partners, you'll design, develop, and improve Bloomberg's customer-facing security services while pushing the envelope of low power usage, high performance, usability, and flexibility.

You will work alongside a security hardware platform that Bloomberg develops in-house. You'll have an opportunity to work with this technology to support many identity initiatives, and influence its direction to build the best possible client experience.

We'll trust you to:

  • Take a leadership role in defining tools, techniques and technologies used to securely authenticate Bloomberg's users using a variety of factors

  • Foster developing technology to make cryptographic primitives and secure key management technologies available to our engineers

  • Help build out our technical product road map

  • Identify security vulnerabilities and guiding developers and engineers in addressing these issues

  • Provide requirements and insight to internal development teams and external vendors

  • Foster a culture of security consciousness across various teams

You'll need to have:

  • 5+ years of experience with designing and implementing cryptographic protocols

  • 5+ years of experience with dealing with challenges around user, device and authentication in an interoperable way

  • Strong understanding of applied cryptography in an enterprise environment

  • Strong UNIX background, bonus points if you know how to build your toolchain

We'd love to see:

  • Experience designing mutual authentication schemes in bandwidth-constrained environments (i.e. over low-bandwidth links)

  • Extensive knowledge of various types of common attacks on cryptographic protocols and how to mitigate them (i.e. through mutual authentication)

  • Practical knowledge of attacks against various ciphers (i.e. DPA, SPA, etc.)

  • Practical experience with cryptography and key management, as well as understanding threats facing embedded device security

  • Experience managing secret key material in HSMs, both for short-lived and long-lived credentials

  • Experience with TLS internals

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Identity & Access Management Security Architect VP

Morgan Stanley

Posted 3 days ago

VIEW JOBS 5/24/2019 12:00:00 AM 2019-08-22T00:00 At Morgan Stanley, we are thinking today about how to plan for and adapt to tomorrow's realities and position ourselves for long-term growth. We pursue sustainability not only because it reflects our values, but also because it is playing an increasingly important role in finance. Morgan Stanley is dedicated to making a positive contribution to society through our core business activities, employment practices, operations and philanthropic giving. Our growing focus on sustainable investing reflects our commitment to delivering scalable innovations and solutions that help maximize the potential for private capital to address the world's most pressing challenges. We believe we can partner with the millions of individuals we serve, as well as the governments and institutions for whom we advise, originate, trade, manage and distribute capital, to advance sustainable solutions globally. Morgan Stanley is a global financial services Firm with a large and diversified clientele. We encourage you to visit the Firm s Internet site at to learn more about Morgan Stanley. Technology Risk (TR)'s mission is to deliver first-line defenses to manage risks to Firm technology, information and cyber threats through risk identification, control management and assurance. This allows the business to operate and grow in a secure and legally-compliant manner. JOB DESCRIPTION Morgan Stanley's SecArch team is looking for an experienced Identity and Access Management (IAM) Architect, VP to join their established team. Security Architecture (SecArch) team is part of the Technology Risk (TR) organization. The mission of the team is to protect the Firm by ensuring in-scope technologies built internally, products purchased and services used meet security requirements that include the Firm's Policies, external guidelines, regulatory expectations, and appropriate controls in the areas of information security, secure design, and cyber security. We accomplish this mission via three primary services: architecture consulting, solutions consulting, and design review. The SecArch IAM Security Architect will be working on multiple security architecture and design assessments spanning a range of technologies, primarily related to IAM on-premises and cloud-based solutions. The architect is expected to be capable of conducting a security architecture review from a general scope, while having subject matter expertise in IAM security. To be successful in this role, the candidate must have deep IAM subject matter expertise and broad overall technology & security experience coupled with risk management, leadership, communication, and time management skills. RESPONSIBILITIES: * Work independently to lead SecArch deep dives with business and technology requestor * Conduct assessment and provide technology risk/requirements to the requestor in the IAM security domain * Prioritize risks identified in relation to business risks * Propose solutions to mitigate risks identified * Establish, communicate and contribute to the overall effort of the Firm's IAM security posture, strategies and direction * Leverage existing expertise in IAM on-premises or cloud-based solutions to identify gaps in current technology environment and provide strategy for risk reduction * Perform hands-on assessments of system, applications and platforms as part of control validation and strategy definition * Produce position papers on testing/research performed * Periodically review security reference architecture (security blueprints) and conduct updates/enhancements SKILLS REQUIRED: Security Architecture Skills Required – In depth knowledge of IAM security principles, protocols, frameworks, solutions and vulnerabilities. Ability to explain these vulnerabilities to engineers as well as business users. Required – Experience in at least two of the following domains: Identity: Identity lifecycle management Authentication: Multi-factor authentication, Risk based authentication, Federation Authorization: Entitlement management, Access governance, Privileged access management Cloud Security: Cloud computing architecture, IAM solutions within Microsoft Azure, Amazon Web Services (AWS) and, preferably, other cloud providers Required – Hands-on experience in at least three of the following IAM protocols and solutions: SAML, Siteminder, Kerberos, OpenID Connect, OAuth, Smartcard, U2F, UAF, RADIUS, PingFederate, ADFS, Azure AD, CyberArk, HiPAM and OpenIDM. Highly Desired – Hands-on experience in Microsoft Azure IAM solution Highly Desired – Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments. Desired – Experience in conducting security assessments with a strong focus on reviewing technical designs and functional requirements to identify areas of security weakness, presenting the outcomes of the assessment and obtaining buy in. Desired – Experience in the following security domains: Data protection, data leakage prevention and secure data transfer and storage Application Security - validation checking, software attack methodologies Cryptography – encryption and hashing Soft Skills (Required) Excellent communication skills: written, oral, presentation, listening Ability to influence through factual reasoning Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking Strong focus on delivery when presented with short timelines and increased involvement from senior management Ability to adjust communication of technology risks vs business risks based on the audience Ability to operate in multiple virtual teams, directly manage teams, or ability to operate as a sole-contributor Development Experience Required – Even though the SecArch Integrator role is not a development role, the candidate must have previous background in programming, design and application architecture. Required – In order to be a practical SecArch Integrator shall have experience implementing complex applications in an enterprise environment. Desired – Knowledge of programming and scripting languages: Java, JavaScript, C#, C/C , Perl, Python, Ruby Desired – Knowledge of web technologies such as Web Browsers, Web Servers, Web Services Other Areas of Expertise Desired – Understanding of geographic regulations and their impact on Security assessments Desired – Previous experience in Financial Services is preferred Desired – CISSP, CISM, GSEC or other industry qualification Desired – Experience working with global organizations Educational Requirements Bachelor's Degree in Computer Science, Information Security or other Engineering Degree with minimum 5 years relevant work experience in high-paced, enterprise environment Morgan Stanley New York NY

Software Security Architect - Security Analytics & Identity Architecture (Cto Office)