Product Security Architect

Careers at Bloomberg

New York

Posted Oct 4, 2016 - Requisition No. 54833

We protect Bloomberg.

The Product Security Architecture team is dedicated to making our products and technologies as secure as possible. We report into the CISO, but work closely with development teams, product teams, and others across the organization to integrate security into the product lifecycle from design through deployment. Our colleagues depend on us to be application, network, and host security pros. We specialize in defining security requirements, performing application security assessments, and providing developers with remediation advice. On any given day we're pulled in to evaluate a new system, review a proposed network change, or provide guidance on application security/coding best practices.

We'll trust you to:

  • Work independently with developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks
  • Perform security design reviews of applications, systems, and networks
  • Perform code reviews of large applications, manually and using static analysis tools
  • Provide remediation guidance and recommendations to developers and administrators
  • Define security best practices and standards

You'll need to have:

  • Experience working with development teams to build secure solutions
  • Experience breaking down complex systems and applications to find flaws
  • Proficiency in reading, writing, and auditing C++ or Javascript, and the ability to pick up new languages/technologies
  • Familiarity with common vulnerabilities and attack vectors
  • Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)
  • Solid understanding of secure network and system design
  • The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators and management

We'd love to see that you have experience:

  • as a developer
  • integrating security testing into the SDLC
  • providing security training to developers
  • as a consultant at a highly technical information security consultancy
  • working as a technical security architect or related security role in a company where there is a commitment to information security and technology
  • with additional programming languages such as Java, Python, C, C#, Scala
  • using static analysis tools
Similar jobs