Senior Software Engineer – DevX SCAnS London, GBR Posted today

In Bloomberg, the Developer Experience (DevX) group provides services and tooling that empowers over 9,000 engineers with their productivity needs and enables them to write high quality, performant and secure code.

What goes into making Bloomberg’s software? Where do these components come from? How will we know if any are defective? How can we protect Bloomberg from malicious actors while still benefiting from open source? These are the questions you’ll help us answer!

The Software Composition Analysis and Security (SCAnS) team in DevX plays a foundational role in securing Bloomberg’s software supply chain (SSC) by enabling engineers to use open source and third party software safely, in an operationally resilient manner. Our products integrate with build and analysis systems to ensure software component metadata (as SBOMs) is available throughout the SSC to build a software inventory, affording license and vulnerability identification firm-wide. We control the ingress of components to prevent malware from entering the network, which provides us a unique opportunity to help build this inventory.

Our team is responsible for:

• Providing SBOM tooling and helping integrate it into our supply chain

• Working across ecosystems to adjust our tooling to produce the best quality results

• Controlling and tracking the ingress of software components into the firm’s network

• Solving the firm’s operational resiliency needs for software ingress and component analysis

We are looking for a Senior Software Engineer to drive these projects in the SCAnS team.

What's in it for you?

As an engineer in this growing team, you will be at the heart of Bloomberg’s efforts to secure our software supply chain. This domain is extremely important for the firm’s security and operational resilience posture, and your work will be equally impactful and leveraged by all engineering teams.

With upcoming regulations around Operational Resilience such as DORA, Software Supply Chain security is a hot topic in the industry and a very dynamic space to be involved in. Our team leverages open-source software (e.g. Syft), and also influences the wider industry on standards for SBOMs and SSC. We also have home-grown solutions for specific problems (e.g. the domain of Ingress), providing a broad mix of technologies and approaches.

We will trust you to:

• Collaborate across multiple teams to perform cross-cutting work

• Work with users to understand their needs

• Develop and deploy scalable solutions to meeting our supply chain needs

• Identify risks with our supply chain end-to-end

You’ll need to have:

• Experience in Python or Go

• Knowledge of the software development lifecycle

• A passion for improving the firm’s security posture

• A drive to partner and collaborate with users and team members alike

We’d love to see:

• Experience making upstream contributions

• A history of making changes that involve multiple teams

• Knowledge of software supply chains, SBOMs, and how they are used

• An awareness of vulnerability, malware and licensing challenges in third party software

Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.

Bloomberg is a disability inclusive employer. Please let us know if you require any reasonable adjustments to be made for the recruitment process. If you would prefer to discuss this confidentially, please email amer_recruit@bloomberg.net