Vacancy caducado!
Product Security Architect
Our Team: We protect Bloomberg. The Product Security Architecture team is dedicated to making our products and technologies as secure as possible. We report into the CISO, but work closely with development teams, product teams, and others across the organization to integrate security into the product lifecycle from design through deployment. Our colleagues depend on us to be application, network, and host security pros. We specialize in defining security requirements, performing application security assessments, and providing developers with remediation advice. On any given day we're pulled in to evaluate a new system, review a proposed network change, or provide guidance on application security/coding best practices. We'll Trust You To:- Work independently with developers, system/network administrators, product owners, and other colleagues to ensure secure design, development, and implementation of applications and networks
- Perform security design reviews of applications, systems, and networks
- Perform code reviews of large applications, manually and using static analysis tools
- Provide remediation guidance and recommendations to developers and administrators
- Define security best practices and standards
- Experience working with development teams to build secure solutions
- Experience breaking down complex systems and applications to find flaws
- Proficiency in reading, writing, and auditing C or Javascript and the ability to pick up new languages/technologies
- Familiarity with common vulnerabilities and attack vectors
- Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)
- Solid understanding of secure network and system design
- The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management
- Experience as a developer
- A background integrating security testing into the SDLC
- Experience providing security training to developers
- Prior work as a consultant at a highly technical information security consultancy
- Previous work as a technical security architect or related security role in a company where there is a commitment to information security and technology
- Additional programming languages such as Java, Python, C, C#, Scala
- Use of static analysis tools
Vacancy caducado!