In Bloomberg, the Developer Experience (DevX) group provides services and tooling that empower over 9,000 engineers with their productivity needs and enable them to write high-quality, performant, and secure code.
What goes into making Bloomberg’s software? Where do these components come from? How will we know if any are defective? How can we protect Bloomberg from malicious actors while still benefiting from open source? These are the questions you’ll help us answer!
The Software Composition Analysis and Security (SCAnS) team in DevX plays a foundational role in securing Bloomberg’s software supply chain (SSC) by enabling engineers to use open source and third-party software safely, in an operationally resilient manner. Our products integrate with build and analysis systems to ensure software component metadata (such as SBOMs) is available throughout the SSC to build a comprehensive software inventory, facilitating license and vulnerability identification firm-wide. We control the ingress of components to prevent malware from entering the network, which provides us a unique opportunity to help build this inventory.
Our team is responsible for:
1. Providing SBOM tooling and helping integrate it into our supply chain
2. Working across ecosystems to optimize our tooling for the best quality results
3. Controlling and tracking the ingress of software components into the firm’s network
4. Addressing the firm’s operational resiliency needs for software ingress and component analysis
We are looking for a Senior Software Engineer to drive these projects within the SCAnS team.
Whats in it for you?
As an engineer in this growing team, you will be at the forefront of Bloomberg’s efforts to secure our software supply chain. This domain is critical for the firm’s security and operational resilience, and your work will have a broad impact, leveraged by all engineering teams.
With upcoming regulations around Operational Resilience such as DORA, software supply chain security is a hot topic and a dynamic space. Our team leverages open-source software (e.g., Syft), influences industry standards for SBOMs and SSC, and develops proprietary solutions for specific challenges (e.g., ingress domain), employing a diverse set of technologies and approaches.
We will trust you to:
1. Collaborate across multiple teams on cross-cutting initiatives
2. Engage with users to understand their needs
3. Develop and deploy scalable solutions to meet supply chain requirements
4. Identify risks across the entire supply chain
You’ll need to have:
1. Experience in Python or Go
2. Knowledge of the software development lifecycle
3. A passion for enhancing the firm’s security posture
4. A drive to collaborate effectively with users and team members
We’d love to see:
1. Experience contributing to upstream projects
2. A history of coordinating changes across multiple teams
3. Knowledge of software supply chains, SBOMs, and their applications
4. Awareness of vulnerabilities, malware, and licensing challenges in third-party software
What makes the culture at Bloomberg unique?
One of the things that makes Bloomberg’s culture so unique is the fact that here …
J-18808-Ljbffr