Our Team:

We protect Bloomberg. The Product Security Architecture team is dedicated to making our products and technologies as secure as possible. We report into the CISO, but work closely with development teams, product teams, and others across the organization to integrate security into the product lifecycle from design through deployment. Our colleagues depend on us to be application, network, and host security pros. We specialize in defining security requirements, performing application security assessments, and providing developers with remediation advice. On any given day we're pulled in to evaluate a new system, review a proposed network change, or provide guidance on application security/coding best practices.

We'll Trust You To:

•  Work independently with developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks
•  Perform security design reviews of applications, systems, and networks
•  Perform code reviews of large applications, manually and using static analysis tools
•  Provide remediation guidance and recommendations to developers and administrators
•  Define security best practices and standards

You'll Need To Have:

•  Experience working with development teams to build secure solutions
•  Experience breaking down complex systems and applications to find flaws
•  Proficiency in reading, writing, and auditing C++ or Javascript and the ability to pick up new languages/technologies
•  Familiarity with common vulnerabilities and attack vectors
•  Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)
•  Solid understanding of secure network and system design
•  The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management

We'd Love To See:

•  Experience as a developer
•  A background integrating security testing into the SDLC
•  Experience providing security training to developers
•  Prior work as a consultant at a highly technical information security consultancy
•  Previous work as a technical security architect or related security role in a company where there is a commitment to information security and technology
•  Additional programming languages such as Java, Python, C, C#, Scala
•  Use of static analysis tools

If This Sounds Like You:

Apply if you think we're a good match. We'll get in touch to let you know what the next steps are, but in the meantime feel free to have a look at this: https://www.bloomberg.com/company/

Bloomberg is an equal opportunities employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.