Infrastructure Engineer - Security Architecture

As an Infrastructure Engineer, you will build, automate, deploy, and operate endpoint security services at scale. This is an engineering role focused on automation, integrations, and production ownership, not a click-ops administration role. You will take business and security requirements and turn them into technical designs, rollout plans, implementation tasks, test plans, runbooks, and support procedures, then execute those plans in production.

The work is centered on endpoint technologies. That includes automating configuration changes through vendor Application Programming Interfaces (APIs), staging rollouts through identity and device targeting, collecting agent and console logs into internal systems, and managing upgrades with clear validation and rollback. Endpoint performance, user impact, and service health must be considered in every change.

This role requires strong infrastructure engineering fundamentals, experience operating at enterprise scale, and the ability to apply a modern Software Development Life Cycle (SDLC) to endpoint security services.

We'll trust you to

• Take business and security requirements and turn them into technical designs, rollout plans, implementation tasks, test plans, runbooks, and support models, then execute those plans in production
• Design, implement, and operate endpoint security services across Carbon Black, CrowdStrike, CyberArk Endpoint Privilege Management (EPM), Sysmon, and related internal integrations
• Build and maintain automation using Python, PowerShell, Bash, Ansible, Terraform, and vendor or internal Application Programming Interface (API) integrations to provision, configure, validate, upgrade, and troubleshoot endpoint agents at scale
• Build and manage Git based workflows and Continuous Integration and Continuous Delivery (CI/CD) pipelines for endpoint service configuration and automation, including Pull Request (PR) review, automated validation, staged promotion, rollback, and controlled release practices
• Plan and execute agent deployments, upgrades, and approved control rollout with clear validation around endpoint performance, user impact, service health, and rollback safety
• Build observability for the services you own, including health checks, dashboards, alerting, telemetry validation, and operational reporting, with an understanding of Service Level Objectives (SLOs) and Service Level Indicators (SLIs)
• Troubleshoot and restore service issues involving authentication, networking, proxies, certificates, endpoint agents, logging pipelines, and Software as a Service (SaaS) to on premise integrations, while partnering with internal teams and vendors to drive long term fixes

• 4+ years of experience engineering and operating enterprise infrastructure or endpoint security services in production at scale across Software as a Service (SaaS) and on premise environments
• Experience in Python or anotherobject orientedlanguage, plus PowerShell or Bash for operational automation
• Experience building tools and integrations using Representational State Transfer (REST) APIs and working with enterprise infrastructure services and vendor technologies
• Experience with Infrastructure as Code (IaC) and orchestration frameworks such as Terraform, Ansible, or similar tools
• Strong familiarity with Git workflows, Pull Request (PR) review, automated testing, and Continuous Integration and Continuous Delivery (CI/CD) pipelines
• Strong troubleshooting skills across authentication and authorization flows, enterprise networking, proxy constrained environments, certificates, endpoint agents, and distributed dependencies
• Experience building and operating observability for enterprise services, including health metrics, dashboards, alerting, telemetry checks, and operational measurements tied to SLOs and SLIs
• The ability to take ownership of issues end to end, create clear technical documentation from requirements, and drive work through implementation, validation, and support

We'd love to see

• Experience with one or more of the following technologies: Carbon Black, CrowdStrike, CyberArk Endpoint Privilege Management (EPM), Microsoft Entra, or Sysmon
• Experience managing endpoint agent lifecycle activities at scale, including deployment, approved control rollout, health validation, upgrades, rollback, and performance monitoring
• Experience integrating SaaS endpoint services with internal identity, logging, or software deployment systems
• Experience building drift detection, closed loop validation, or self-healing automation for endpoint services
• Strong written and verbal communication skills and the ability to work independently in a production engineering environment

Salary Range = 130000 - 225000 USD Annually + Benefits + Bonus

The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.

We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.

Discover what makes Bloomberg unique - watch our for an inside look at our culture, values, and the people behind our success.

Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.

The Global Corporate Technology Group is responsible for designing, deploying, and supporting Bloomberg's enterprise technology systems used by employees across our global environment. Within that organization, the Security Architecture team engineers and operates endpoint security services used across the corporate environment. Our team owns the design, build, deployment, integration, and support of endpoint security technologies across Windows and macOS. Linux support is expected to grow over time. We support Enterprise Endpoint Detection and Response (EDR) and Antivirus (AV) products including Carbon Black and CrowdStrike, Endpoint Privilege Management (EPM), and the integrations needed to connect these services with internal identity, logging, and software deployment systems. We are responsible for agent deployment, approved control rollout, version upgrades, automation, staged release, rollback planning, health monitoring, and production support. Endpoint stability and performance are a priority for the team. We work closely with internal Corporate Technology teams including Endpoint User Compute, Chief Technology Office (CTO), RISK, Technology Vulnerability Management (TVM), and the Computer Incident Response Team (CIRT) and Security Operations Center (SOC), but our focus is engineering, integration, and service ownership.