Secure Compute Access Platform Engineer

Hybrid in New York, NY, US • Posted 9 hours ago • Updated 9 hours ago

Contract W2

No Travel Required

Hybrid

Depends on Experience

Fitment

Dice Job Match Score™

⭐ Evaluating experience...

Job Details

Skills

Web Services
Active Directory
Amazon Web Services
Bloomberg
Auditing
Caching
Cloud Computing
Code Refactoring
Collaboration
Communication
Computer Hardware
Continuous Integration
Continuous Integration and Development
Dashboard
Debugging
Estimating
File Systems
Internal Auditing
Issue Resolution
Linux
Load Balancing
Management
Microsoft Windows
Network
Middleware Development
Migration
Network Engineering
MySQL
OAuth
Partnership
Nginx
Performance Appraisal
Progress Chef
RESTful
Python
Redis
Reporting
Routers
Ruby
SAFE
SOAP
Shell
Smart Order Routing
Sprint
Stacks Blockchain
System Security
Testing
Unix
VMware ESXi

Summary

Role : Secure Compute Access Platform Engineer

Location : NYC,NY

Duration : 12+ months

Project Overview

The Compute Access Platform team is responsible for securing access to a wide array of Bloomberg''s compute resources. This includes building and operating solutions for both interactive and non-interactive engineer access, as well as managing secure inter-service communication. These solutions span diverse environments such as Unix, Windows, Appliances, and Network Routers.

This project encompasses maintenance, enhancement, support, validation, testing, continuous integration, monitoring, configuration, and bug-fix activities for the assigned application areas throughout the defined project period.

Key initiatives include:

Hardware refresh and refactoring services running on them
Refactoring monolithic applications into functional services deployed to dedicated clusters
Internal audit remediation
Enhanced restricted interactive shell containers

Project Scope

Secure SUDO Rules Delivery

Technologies: Python, Linux

Secure and protect sudo rules endpoint with OAuth token or equivalent.
Build monitoring and self-service deletion usage capabilities.

Timeframe: Q2 2026 – Q4 2026

SUDO Rule Migration and Recertification

Technologies: Python, Linux INIT

Migrate existing rules into the target system with recertification.

Deliverable: Existing rules migrated to the target system.

Timeframe: Q1 2027 – Q2 2027

BSHELL Hardware Refresh

Technologies: Python, Load Balancer Concepts, REST Services, MySQL

Refactor code and develop services.
Build enhanced gateway shell for BSHELL.
Setup new infrastructure.
Open required connectivity and deploy using staged rollout via Chef.

Timeframe: Q2 2026 – Q4 2026

BAMGW Hardware Refresh and Gateway Shell Rearchitecture

BAMGW is used as a jump server by PRQS PW, CP, and CT to access the appliance fleet. It is tagged for ESX migration and serves as critical infrastructure for appliance access.

Activities:

Infrastructure setup
Connectivity establishment
New gateway shell development
Traffic enablement

Timeframe: Q2 2026 – Q2 2027

NMSGW Hardware Refresh and Rearchitecture (getrouterwin)

The NMSGW gateway is currently unmanaged and powers the getrouterwin functionality used by Network Engineering.

Activities:

Infrastructure setup
Connectivity establishment
New gateway shell development
Traffic enablement

Timeframe: Q1 2027 – Q3 2027

Sudo Rule Migration and Recertification (Service Rewrite)

Technologies: Python

Rewrite existing Python service responsible for creating compute objects in Active Directory when cluster changes occur (new or modified clusters).

Timeframe: Q4 2026 – Q2 2027

OP1 Containers

This approach involves using containers configured to block write access to the host file system. It also enables safe deployment of additional debugging tools that are restricted or unsafe in the current rbash OP1 environment.

Activities:

Enhance the proof-of-concept into a production-grade restricted shell/container.
Gradual rollout with monitoring and user feedback.
Fleet-wide rollout.

Timeframe: Q3 2026 – Q2 2027

Internal Audit Remediation

Technologies: Python, Go, Chef (Ruby), INIT, Campaign

Objectives:

Remove persistent access to production infrastructure and replace with on-demand access.
Design and build monitoring and certification for high-risk production access.
Enforce default cluster restrictions for production Windows.
Build reporting capabilities with clear certification paths.

Timeframe: Q2 2026 – Q4 2027

Internal Audit Remediation – PRQS PW Support for Windows

Technologies: Python, Teleport

Timeframe: Q3 2026 – Q1 2027

PRQS PW Migration to OPA

Technology: Go

Timeframe: Q3 2026 – Q2 2027

Teleport Expansion for Public Cloud Resources

Technologies: Python, Go

Enable cloud compute resource access through Teleport.
Begin with AWS and design for extensibility across other cloud providers.

Activities:

Design
Proof of Concept
Implementation

Timeframe: Q1 2026 – Q4 2027

System Security Chef Recipe Refactoring

Technology: Chef (Ruby)

Activities:

Remove obsolete code
Move to MSE/applications cluster-specific configurations
Enhance logging, monitoring, alerting, and dashboards for core Chef client services such as:

appssh
sudo
sshd

Timeframe: Q1 2026 – Q4 2026

INFR Integration for Post-Decommission Cleanup

Technologies: Python, Go, Unix, Kafka

When a machine or cluster is decommissioned, remove compute access artifacts including:

appssh
sudo
GPO

This prevents issues if another host is created later using the same name.

Activities:

Design and POC
Implementation

Timeframe: Q1 2027 – Q4 2027

SOR for System Security Data

The goal of this initiative is to push system security machine attributes into SOR.

Attributes include:

AD domain membership status
Active Directory domain
SSSD or VASD version
Crypto policy
SSSD version
OpenSSH version

Activities:

Design
Implementation in partnership with SOR

Timeframe: Q2 2027 – Q4 2027

Teleport Resiliency and Stability Improvements

Develop automation to reduce complexity and improve the stability of Teleport deployments and configuration changes.

Activities:

Build Teleport beta cluster
Introduce additional labels to improve user experience
Develop a client utility for end compute devices to enhance user experience

Implementation will occur in phases.

Timeframe: Q3 2026 – Q4 2027

Required Skills

The project requires the following technical skills:

Middleware development (Go, Python, Nginx)
Web services development (SOAP, REST)
Programming across multiple stacks (Python, Go, Ruby preferred)
Distributed systems
Database systems (MySQL)
Distributed caching (Redis, etcd)
Automation, CI systems, and scripting
Linux OS
Troubleshooting, debugging, performance evaluation, and issue resolution

Prioritization

Project work will be prioritized and assigned to staff in 2-week or 4-week sprints.

Assignments will be based on:

Bloomberg DRQS tickets
JIRA cards
Technical specifications
Design specifications

Staff members are expected to submit effort estimates for each assignment.

Performance will be evaluated at the end of each sprint based on:

Timeliness
Code quality
Completeness

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: 90977120
Position Id: 8933373
Posted 9 hours ago

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Senior Java Software Engineer

Jersey City, New Jersey

•

Today

RESPONSIBILITIES: Kforce has a client that is seeking a Senior Java Software Engineer in Jersey City, NJ. Duties Include: * Architect and develop distributed, event-driven trading systems optimized for low latency and high throughput * Design and implement asynchronous processing frameworks and resilient messaging services * Collaborate with internal and external teams to deliver robust, end-to-end trading workflows * Lead performance tuning and optimization efforts across the platform * Mentor

Contract

$75 - $85 hourly

Senior F5 Engineer

Hybrid in New York, New York

•

Today

Hiring: Senior F5 Engineer (C2C) Location: New York & Jersey City (Hybrid 3 days onsite) Key Responsibilities Design, implement, configure, and support F5 BIG-IP solutions (LTM, GTM/DNS, ASM, APM, AFM)Build and maintain advanced configurations (virtual servers, pools, profiles, iRules, SSL certs)Lead migrations from legacy load balancers to F5 (VE & vCMP)Perform upgrades, patching, and platform refresh activitiesDevelop and execute test plans for new deployments and upgradesTroubleshoot complex

Easy Apply

Contract

$50 - $60

Application Security Engineer

Hybrid in Brooklyn, New York

•

3d ago

About Us: Founded in 1997, PruTech is dedicated to problem-solving, creating solutions, and maintaining strong partnerships with its clients. PruTech serves a diverse list of clients in different industries from government to finance, retail, and manufacturing. PruTech has offices in New York City, Washington DC, North Carolina, and two nearshore offices in Mexico City and India. With over 20 years of Information Technology and system integration experience, PruTech provides multiple ways to a

Easy Apply

Third Party, Contract

70+

Principal Platform Engineer

New York, New York

•

Today

Location: New York City, NY Salary: $145,000.00 USD Annually - $180,000.00 USD Annually Description: JOB TITLE: ServiceNow Platform Engineer LOCATION: Downtown TYPE: Permanent (Full-Time) Purpose: The client manages extensive systems supporting financial, business, automated train operations, transportation technology, power systems, and physical security. The IT Department centrally delivers Information and Operational Technology (IT/OT) services across all agencies, operating 24/7/365. T

Contract

USD 145,000.00 - 180,000.00 per year

Search all similar jobs