Global Director of Product Security
New York, NY
Posted Mar 30, 2022 - Requisition No. 100193
The Product Security team, part of the Chief Information Security Office, is dedicated to helping Bloomberg build more secure information systems through security review and consultation. We work closely with development teams, product and business owners, and others across the organization to ensure that our most critical systems are designed, built, and deployed with security in mind.
We specialize in defining security requirements, performing application security assessments, and influencing teams towards safer, more secure code. Our colleagues turn to us with questions about application, network, and host security matters. On any given day, we're asked to evaluate a new system, review a proposed network change, or provide guidance on application security and coding best practices.
We'll Trust You To:
- Develop a program that focuses on building relationships with engineering teams to empower them to design, develop and deploy more secure systems and applications.
- Build a product security strategy and roadmap that enables secure code development to be at the forefront of the SDLC and top of mind across Bloomberg's development teams
- Work with application owners to ensure logging and monitoring requirements are designed into their products
- Oversee and enhance the different types of security assessments performed by the team, including penetration test, security code reviews and architecture reviews.
- Define, capture and monitor key metrics to help track the success of the product security program
- Manage and develop a team of highly technical engineers and security experts
- Good technical understanding of how penetration tests and security code review are performed
- Strong experience with popular static and dynamic code analysis technologies & tools
- Good understanding of common vulnerabilities and attack vectors
- Experience working with development teams to build secure solutions
- Experience breaking down complex systems and applications to find flaws
- The ability to communicate complicated technical issues and the risks they pose to engineers and product owners
- Strong organizational skills and ability to multitask
You’ll Need to Have:
We'd Love To See:
- Experience as a developer or development/product manager
- A background integrating security testing into the SDLC
- Prior work as a consultant at a highly technical information security consultancy
- Previous work as a technical security architect or related security role
- Previous product security roles
Bloomberg is an equal opportunities employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.