Application Security SAST Engineer | New York, NY | Bloomberg Careers

Application Security SAST Engineer

Careers at Bloomberg

Back to Search

New York, NY

Posted Apr 16, 2021 - Requisition No. 90225

Our Team:

The Product Security team is dedicated to making our products and technologies as secure as possible. We report into the CISO, but work closely with engineering teams, product teams, and others across the organization to integrate security into the product life cycle from design through deployment. Our colleagues depend on us to be application, network, and host security pros. We specialize in defining security requirements, performing application security assessments, and providing developers with remediation advice. On any given day we're performing security reviews on internal and third party applications, providing guidance on security/coding best practices, as well as evaluating processes, network design, and access controls.

What is the Role?

As an Application Security SAST Engineer you will leverage your deep understanding of SAST tools in order to ensure their efficient and effective operation against our code base and custom frameworks.   You will work with team members to improve SAST tool processes and workflows, as well as write custom rules to address gaps identified by team members performing tool assisted security reviews.

We will trust you to:

  • Maintain SAST tools used by security teams and developers
  • Write custom SAST tool rules to better identify security vulnerabilities
  • Validate SAST tool findings and identify areas for improvement
  • Provide remediation guidance to programmers and management

You will need to have:

  • Experience configuring and writing custom rules for Fortify or Checkmarx
  • Experience triaging security vulnerabilities
  • Deep understanding of common security vulnerabilities and attack vectors
  • Experience writing and maintaining Python code
  • Ability to read and understand C/C++ code
  • The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.

We'd Love to See:

  • Experience reporting SAST tool and vulnerability metrics to management
  • Developer experience in Python or C/C++
  • Experience integrating multiple SAST tools into a security program

If this sounds like you:

Apply if you think we're a good match. We'll get in touch to let you know what the next steps are.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Similar jobs

    The Bloomberg Talent Network

    Stay connected with us and be among the first to learn about new job opportunities. We’ll use the information you provide to help us get in touch with you to align your expertise with our opportunities and better direct our conversations.