Senior Software Engineer – DevX SCAnS (Developer Experience)
Bloomberg
In Bloomberg, the Developer Experience (DevX) group provides services and tooling that empowers over 9,000 engineers with their productivity needs and enables them to write high quality, performant and secure code.
What goes into making Bloomberg’s software? Where do these components come from? How will we know if any are defective? How can we protect Bloomberg from malicious actors while still benefiting from open source? These are the questions you’ll help us answer!
The Software Composition Analysis and Security (SCAnS) team in DevX plays a foundational role in securing Bloomberg’s software supply chain (SSC) by enabling engineers to use open source and third party software safely, in an operationally resilient manner. Our products integrate with build and analysis systems to ensure software component metadata (as SBOMs) is available throughout the SSC to build a software inventory, affording license and vulnerability identification firm-wide. We control the ingress of components to prevent malware from entering the network, which provides us a unique opportunity to help build this inventory.
Our team is responsible for:Providing SBOM tooling and helping integrate it into our supply chainWorking across ecosystems to adjust our tooling to produce the best quality resultsControlling and tracking the ingress of software components into the firm’s networkSolving the firm’s operational resiliency needs for software ingress and component analysisWe are looking for a Senior Software Engineer to drive these projects in the SCAnS team.
What's in it for you?
As an engineer in this growing team, you will be at the heart of Bloomberg’s efforts to secure our software supply chain. This domain is extremely important for the firm’s security and operational resilience posture, and your work will be equally impactful and leveraged by all engineering teams.
With upcoming regulations around Operational Resilience such as DORA, Software Supply Chain security is a hot topic in the industry and a very dynamic space to be involved in. Our team leverages open-source software (e.g. Syft), and also influences the wider industry on standards for SBOMs and SSC. We also have home-grown solutions for specific problems (e.g. the domain of Ingress), providing a broad mix of technologies and approaches.
We will trust you to:Collaborate across multiple teams to perform cross-cutting workWork with users to understand their needsDevelop and deploy scalable solutions to meeting our supply chain needsIdentify risks with our supply chain end-to-end
You’ll need to have:Experience in Python or GoKnowledge of the software development lifecycleA passion for improving the firm’s security postureA drive to partner and collaborate with users and team members alikeWe’d love to see:Experience making upstream contributionsA history of making changes that involve multiple teamsKnowledge of software supply chains, SBOMs, and how they are usedAn awareness of vulnerability, malware and licensing challenges in third party software
What goes into making Bloomberg’s software? Where do these components come from? How will we know if any are defective? How can we protect Bloomberg from malicious actors while still benefiting from open source? These are the questions you’ll help us answer!
The Software Composition Analysis and Security (SCAnS) team in DevX plays a foundational role in securing Bloomberg’s software supply chain (SSC) by enabling engineers to use open source and third party software safely, in an operationally resilient manner. Our products integrate with build and analysis systems to ensure software component metadata (as SBOMs) is available throughout the SSC to build a software inventory, affording license and vulnerability identification firm-wide. We control the ingress of components to prevent malware from entering the network, which provides us a unique opportunity to help build this inventory.
Our team is responsible for:Providing SBOM tooling and helping integrate it into our supply chainWorking across ecosystems to adjust our tooling to produce the best quality resultsControlling and tracking the ingress of software components into the firm’s networkSolving the firm’s operational resiliency needs for software ingress and component analysisWe are looking for a Senior Software Engineer to drive these projects in the SCAnS team.
What's in it for you?
As an engineer in this growing team, you will be at the heart of Bloomberg’s efforts to secure our software supply chain. This domain is extremely important for the firm’s security and operational resilience posture, and your work will be equally impactful and leveraged by all engineering teams.
With upcoming regulations around Operational Resilience such as DORA, Software Supply Chain security is a hot topic in the industry and a very dynamic space to be involved in. Our team leverages open-source software (e.g. Syft), and also influences the wider industry on standards for SBOMs and SSC. We also have home-grown solutions for specific problems (e.g. the domain of Ingress), providing a broad mix of technologies and approaches.
We will trust you to:Collaborate across multiple teams to perform cross-cutting workWork with users to understand their needsDevelop and deploy scalable solutions to meeting our supply chain needsIdentify risks with our supply chain end-to-end
You’ll need to have:Experience in Python or GoKnowledge of the software development lifecycleA passion for improving the firm’s security postureA drive to partner and collaborate with users and team members alikeWe’d love to see:Experience making upstream contributionsA history of making changes that involve multiple teamsKnowledge of software supply chains, SBOMs, and how they are usedAn awareness of vulnerability, malware and licensing challenges in third party software
Por favor confirme su dirección de correo electrónico: Send Email