Description & Requirements

Our team:

We are the CTO Security Service Infrastructure group. We solve complex systems problems, enabling our engineers to quickly ship new products, and prototype the next generation of infrastructure security technologies. Whether we're designing our next generation security controls, or threat modeling our distributed systems, our goal is to define the future of how we secure Bloomberg's infrastructure. That's where you come in.

As an architect and product owner in the CTO's office, you'll be trusted to understand the intersections between Bloomberg's global technology footprint, unique software stack, security requirements, provide guidance for usable infrastructure security, ensure that logical security controls are manageable at our scale, and much more. Your leadership skills will influence the roadmap for future security technologies, while working alongside motivated and talented engineers across the company. Our team works across many areas of security architecture, and you will have the opportunity to focus on the projects you are passionate about and bring your expertise to help reach our team's goals.

In this role, you will help define and drive Bloomberg's strategy for credential-based authentication experiences of how people gain access to Bloomberg systems securely and efficiently. This includes login workflows across our properties, the secure delivery and management of credentials for both clients and internal users, the policies and controls that govern password-based authentication, and the evolution of secure access patterns for engineering and enterprise environments. The role also includes helping shape the policies, standards, and safeguards for delegated access and related controlled access workflows. You will work across engineering, security, and business stakeholders to improve authentication experiences in ways that are usable, resilient, and scalable, while helping shape the long-term direction of the underlying controls, tools, and workflows that support them.

We'll expect you to:

• Evaluate and improve workflows related to first-time credential delivery, login orchestration, password setup, reset, recovery, and related authentication journeys.
• Drive the evolution Bloomberg's login process, including long-term direction, controls, and implementation priorities Define and refine password policy across enterprise and client-facing use cases, balancing security, usability, and supportability.
• Partner with adjacent authentication team members to ensure login and credential workflows integrate cleanly with federated access patterns where appropriate.
• Work with engineering teams to design and implement authentication-related solutions, controls, and integrations.
• Define policies, standards, and control frameworks for delegated access and other sensitive authentication-linked workflows, with appropriate guardrails for approval, accountability, and auditability.
• Establish a comprehensive understanding of current authentication workflows, dependencies, pain points, and future-state opportunities.
• Produce clear requirements, architecture direction, and implementation guidance for authentication-related initiatives.
• Partner with stakeholders across engineering, product, support, and business teams to align on priorities, tradeoffs, and delivery plans.
• Ensure appropriate auditing, reporting, and observability exist for authentication workflows and related controls.
• Assess risks and identify opportunities to strengthen authentication processes and password-related controls across the organization.
• Collaborate with vendors, consultants, and industry peers to exchange knowledge and stay informed about the latest advancements in authentication and credential management technologies.

You'll need to have:

• 7+ years of experience building, maintaining and managing security aspects of large-scale, distributed infrastructure and applications.
• Strong experience in authentication, credential management, and provision-related technologies including engineering, integration, and automation with an emphasis on security.
• A track record of building collaborative relationships with stakeholders across many functions, with a focus on correctness, scalability, and usability of distributed infrastructure. A long history of leading through influence and establishing consensus for execution.
• Ability to build proof-of-concepts solutions, innovate, and partner with Engineering teams to drive adoption.
• Ability to collect and document detailed product requirements including RFCs, design rationale, and decision making.
• The experience of knowing when to build, buy, or re-use.
• Deep knowledge of authentication protocols and standards and how they are adopted in large enterprises.
• Demonstrated polished written and oral communication skills, in a variety of circumstances from hands-on deep technical experts to senior leadership.

We'd love to see:

• Experience managing large scale infrastructure.
• Experience and knowledge of handling regulatory requirements such as GDPR, DORA, and HIPAA.
• Experience integrating with and securing a combination of in-house developed, open-source and third-party solutions.
• Hands-on experience with authentication and credential management products.
• Hands-on experience with enterprise identity management technologies, the challenges of marrying business requirements, organizational behaviors, and technology.

Salary Range = 240,000 - 330,000 USD Annual + Benefits + Bonus

The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.

We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.