CSOC Data Ops Specialist
Listed on 2026-06-18
-
IT/Tech
Cybersecurity, Security Manager
Bloomberg’s Cyber Security Operations Center (CSOC) plays a critical role in safeguarding the company’s digital environment, actively monitoring systems and networks for any signs of suspicious activity. When a confirmed incident occurs, CSOC leads containment and response efforts, formalizing lessons learned and hardening defenses against future attacks.
CSOC Program Assurance ensures that the CSOC program is delivered in a structured, measurable, and reliable way. We partner closely with teams across the firm to improve our ability to detect and investigate security incidents, ensure the effectiveness of the security controls we rely on, and continuously strengthen our monitoring capabilities.
On any given day, we may be overseeing cross departmental initiatives, improving security monitoring processes, supporting our partners across the firm, managing vendors or audits, and reporting on CSOC health and effectiveness. A critical part of our mission is ensuring that the CSOC has complete, reliable, and high quality security data. Our team works with system, application, infrastructure, cloud, and vendor partners to onboard the logs CSOC needs, verify they continue to flow as expected, and resolve issues when they do not.
We’lltrust you to:
Primary Focus – Security Data Management
- Own and drive the end to end onboarding of security logs required by CSOC monitoring, detection, and investigation platforms.
- Partner directly with system and data owners across the firm to identify required telemetry, enable log delivery, and resolve technical blockers.
- Act as the technical point of coordination for log ingestion, including format alignment, parsing, normalization, enrichment, and data quality validation.
- Ensure the ongoing health and continuity of log flows, proactively identifying and troubleshooting breaks, delays, and degradation.
- Perform root cause analysis on logging gaps or ingestion failures and coordinate remediation with internal engineering teams and external vendors.
- Maintain accurate documentation, inventories, and standards related to log coverage, ingestion methods, and operational dependencies.
- Evaluate new systems, services, and vendor solutions to determine logging feasibility and monitoring coverage, identifying risks and gaps early.
- Drive incremental improvements in automation, validation, and monitoring of log ingestion pipelines to improve reliability and reduce manual effort.
- Support the rollout of new CSOC use cases, detections, and tools by ensuring required data sources are available and reliable.
- Manage and contribute to initiatives and projects that improve CSOC monitoring capabilities and operational effectiveness.
- Funnel and facilitate audit, risk, and external requests for information, particularly those related to logging, monitoring, and detection coverage.
- Coordinate the efforts of technical resources working to deliver projects benefiting the CSOC.
- Develop and maintain processes, procedures, and documentation to ensure operational consistency.
- Assemble and present CSOC metrics and KPIs, including measurements related to log coverage, data health, and control effectiveness.
- Measure and help improve the effectiveness of CSOC’s key technical controls to ensure business objectives are met.
- Measure and track services provided to the CSOC by internal and external vendors to verify commitments are met.
- Provide oversight that aims to ensure the efficacy and completeness of CSOC’s detection program.
- Generate ideas for continued improvement, including conceptual design of new threat scenarios.
- Demonstrate sound judgment, a strong sense of ownership, do the right thing, and escalate when appropriate.
- Approximately 4–6 years of relevant experience in security operations, infrastructure, or technology roles with a strong technical focus.
- Hands‑on experience with log management, security telemetry, or data ingestion pipelines in a production environment.
- Practical experience with SIEM or security analytics platforms, such as Splunk and/or Crowd Strike Log Scale.
- Strong understanding of security telemetry sources, including operating…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).