Senior Software Engineer - DevX SCAnS (Developer Experience)

Senior Software Engineer - DevX SCAnS (Developer Experience)

Location: London

Business Area: Engineering and CTO

Ref #: 10043757

In Bloomberg, the Developer Experience (DevX) group provides services and tooling that empowers over 9,000 engineers with their productivity needs and enables them to write high quality, performant and secure code.

What goes into making Bloomberg's software? Where do these components come from? How will we know if any are defective? How can we protect Bloomberg from malicious actors while still benefiting from open source? These are the questions you'll help us answer!

The Software Composition Analysis and Security (SCAnS) team in DevX plays a foundational role in securing Bloomberg's software supply chain (SSC) by enabling engineers to use open source and third party software safely, in an operationally resilient manner. Our products integrate with build and analysis systems to ensure software component metadata (as SBOMs) is available throughout the SSC to build a software inventory, affording license and vulnerability identification firm-wide. We control the ingress of components to prevent malware from entering the network, which provides us a unique opportunity to help build this inventory.

Our team is responsible for:

• Providing SBOM tooling and helping integrate it into our supply chain
• Working across ecosystems to adjust our tooling to produce the best quality results
• Controlling and tracking the ingress of software components into the firm's network
• Solving the firm's operational resiliency needs for software ingress and component analysis

As an engineer in this growing team, you will be at the heart of Bloomberg's efforts to secure our software supply chain. This domain is extremely important for the firm's security and operational resilience posture, and your work will be equally impactful and leveraged by all engineering teams.

With upcoming regulations around Operational Resilience such as DORA, Software Supply Chain security is a hot topic in the industry and a very dynamic space to be involved in. Our team leverages open-source software (e.g. Syft), and also influences the wider industry on standards for SBOMs and SSC. We also have home-grown solutions for specific problems (e.g. the domain of Ingress), providing a broad mix of technologies and approaches.

• Collaborate across multiple teams to perform cross-cutting work
• Work with users to understand their needs
• Develop and deploy scalable solutions to meeting our supply chain needs
• Identify risks with our supply chain end-to-end

You'll need to have:

• Experience in Python or Go
• Knowledge of the software development lifecycle
• A passion for improving the firm's security posture
• A drive to partner and collaborate with users and team members alike

• Experience making upstream contributions
• A history of making changes that involve multiple teams
• Knowledge of software supply chains, SBOMs, and how they are used
• An awareness of vulnerability, malware and licensing challenges in third party software