Bloomberg Product Security – Automation Engineer (Development) in New York, New York

Job Requisition Number: 66101

Our Team:

We protect Bloomberg.

The Product Security Architecture team is dedicated to making our products and technologies as secure as possible from design through development. We report into the CISO while working closely with development/engineering and other teams across the organization. Our colleagues depend on us to be application, network and host security pros. We specialize in defining security requirements, performing security assessments of our internal applications, and providing developers with remediation advice. On any given day we're pulled in to evaluate a new system, a proposed network change, or provide guidance on security/coding best practices.

What’s The Role?

As a Security Automation Engineer, your job will be to create tools and automate testing to enable us to scale and work more effectively, provide visibility into our security posture, and integrate security into the development lifecycle.

We'll Trust You To:
  • Develop and customize security testing tools to allow the team and developers to identify vulnerabilities in applications and systems
  • Work with development teams to find ways to integrate security testing into the SDLC
  • Use static analysis to identify vulnerabilities in applications
  • Use third party tools and APIs to assess the security of applications and infrastructure, measure compliance, etc.
You'll Need To Have:
  • Experience developing applications and integrating with 3rd party APIs
  • Experience with common build systems such as CMake and Make
  • Experience with continuous integration and test environments such as Jenkins and SonarQube
  • Proficiency in reading, writing, and auditing compiled languages like C/C++/Java and interpreted languages like Python or Javascript, and capability to pick up new languages/technologies
  • An interest in security and familiarity with common security vulnerabilities and attack vectors
  • Familiarity with public cloud (AWS, Azure, GCP) and private cloud infrastructure
We'd Love To See:
  • Experience using and customizing security static analysis tools such as Fortify, AppScan Source, Coverity, or Checkmarx
  • Experience in software security testing, methodologies, and frameworks
  • Experience as a consultant at a highly technical information security consultancy
  • The ability to communicate complicated technical issues and the risks they pose to programmers, network engineers, system administrators and management
If This Sounds Like You:

Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this:

https://www.bloomberg.com/company/

Bloomberg is an equal opportunities employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.