In Bloomberg, the Developer Experience (DevX) group provides services and tooling that empower over 9,000 engineers with their productivity needs and enable them to write high-quality, performant, and secure code.

What goes into making Bloomberg’s software? Where do these components come from? How will we know if any are defective? How can we protect Bloomberg from malicious actors while still benefiting from open source? These are the questions you’ll help us answer!

The Software Composition Analysis and Security (SCAnS) team in DevX plays a foundational role in securing Bloomberg’s software supply chain (SSC) by enabling engineers to use open source and third-party software safely, in an operationally resilient manner. Our products integrate with build and analysis systems to ensure software component metadata (such as SBOMs) is available throughout the SSC to build a comprehensive software inventory, facilitating license and vulnerability identification firm-wide. We control the ingress of components to prevent malware from entering the network, which provides us a unique opportunity to help build this inventory.

Our team is responsible for:

Providing SBOM tooling and helping integrate it into our supply chain

Working across ecosystems to optimize our tooling for the best quality results

Controlling and tracking the ingress of software components into the firm’s network

Addressing the firm’s operational resiliency needs for software ingress and component analysis

We are looking for a Senior Software Engineer to drive these projects within the SCAnS team.

What''s in it for you?

As an engineer in this growing team, you will be at the forefront of Bloomberg’s efforts to secure our software supply chain. This domain is critical for the firm’s security and operational resilience, and your work will have a broad impact, leveraged by all engineering teams.

With upcoming regulations around Operational Resilience such as DORA, software supply chain security is a hot topic and a dynamic space. Our team leverages open-source software (e.g., Syft), influences industry standards for SBOMs and SSC, and develops proprietary solutions for specific challenges (e.g., ingress domain), employing a diverse set of technologies and approaches.

We will trust you to:

Collaborate across multiple teams on cross-cutting initiatives

Engage with users to understand their needs

Develop and deploy scalable solutions to meet supply chain requirements

Identify risks across the entire supply chain

You’ll need to have:

Experience in Python or Go

Knowledge of the software development lifecycle

A passion for enhancing the firm’s security posture

A drive to collaborate effectively with users and team members

We’d love to see:

Experience contributing to upstream projects

A history of coordinating changes across multiple teams

Knowledge of software supply chains, SBOMs, and their applications

Awareness of vulnerabilities, malware, and licensing challenges in third-party software

What makes the culture at Bloomberg unique?

One of the things that makes Bloomberg’s culture so unique is the fact that here …

#J-18808-Ljbffr