Bloomberg is fast becoming an ‘Open Source first’ company, meaning its reliance on Open Source software is ever-increasing. From the core infrastructure in our data centers, to the enterprise products we ship to clients - Open Source software is firmly ingrained within our technology and culture.

You will be responsible for securing Bloomberg’s software supply chain at scale, preventing vulnerable or malicious software from being consumed. You will work with stakeholders to design, implement and support these systems. You will need to use a variety of techniques, including automated scanning tools and promotion processes to manage the flow of software.

We’ll trust you to:

• Design and build systems that secure and provide visibility into Bloomberg’s software supply chain
• Work with upstream packaging ecosystems to implement secure designs and practices
• Enable Engineering teams to safely and confidently consume Open Source Software
• Help improve productivity for over 6000 developers by creating solutions that integrate with their day-to-day tooling and workflows
• Build and integrate with systems for protecting Bloomberg and it’s customers from vulnerabilities and malicious code in the Open Source Software 

You’ll need to have

• Knowledge of all parts of the SDLC
• A drive to partner and collaborate with stakeholders and team members alike
• Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices
• Working knowledge of Linux environments
• Experience designing and implementing software in one more languages
• An understanding of current and emerging threat vectors in the software supply chain attack space

We’d love to see

• Experience with security practices and taking a shift-left approach
• Familiarity with Open Source communities and engagement
• A working understanding of multiple language ecosystems
• A background in DevOps, software infrastructure or similar discipline
• Knowledge of Software Composition Analysis tooling and processes
• An understanding of Software Supply Chain Security principles and standards (such as SLSA)

At Bloomberg we are extremely proud of our diverse, open, and inclusive culture. We value diversity of thought and perspective in every form. We're looking for engineers with a real passion for writing reusable, efficient solutions to complex problems, who can adapt to an ever-changing market landscape, and who can collaborate and work effectively on small teams to develop software that impacts thousands of financial institutions and decision makers around the world.

If this sounds like you, please apply!