We protect Bloomberg.
The Product Security Architecture team is dedicated to making our products and technologies as secure as possible from design through development. We report into the CISO while working closely with development/engineering and other teams across the organization. Our colleagues depend on us to be application, network and host security pros. We specialize in defining security requirements, performing security assessments of our internal applications, and providing developers with remediation advice. On any given day we're pulled in to evaluate a new system, a proposed network change, or provide guidance on security/coding best practices.
What’s The Role?
As a Security Automation Engineer, you will create tools and automate testing to enable us to scale and work more effectively, integrate security into the development lifecycle, and provide visibility into our security posture.
We'll Trust You To:
- Develop and customize security testing tools to be used by the team and by developers
- Work with development teams to find ways to integrate security testing into the SDLC
- Perform code reviews of applications, manually and using static analysis tools
- Provide remediation guidance and recommendations to programmers and administrators
You'll Need To Have:
- Experience using and customizing security static analysis tools such as Fortify, AppScan, Coverity, or Checkmarx
- Experience with common build systems such as CMake and Make
- Experience with continuous integration and test environments such as Jenkins and SonarQube
- Experience in software security testing, methodologies and frameworks
- Familiarity with common vulnerabilities and attack vectors
- The ability to communicate complicated technical issues and the risks they pose to programmers, network engineers, system administrators and management
We'd Love To See:
- Experience providing security training to developers
- Experience as a consultant at a highly technical information security consultancy
- Experience working as a technical security architect or related security role in a company where there is a commitment to information security and technology