Application Security Engineer 3

About The Position

Requirements

• Deep expertise in application security, secure software design, and risk management, including frameworks such as OWASP ASVS, OWASP Top 10, and NIST 800‑53.
• Extensive experience conducting complex security assessments and building automated security controls for large engineering environments.
• Proficiency in multiple programming languages (e.g., Python, Java, JavaScript) and hands-on experience with SAST, DAST, SCA, IaC, container, and cloud security tools.
• Strong understanding of modern architectures (cloud-native, microservices, Kubernetes, containers, serverless) and DevSecOps processes.
• Advanced understanding of AI/ML security, including model vulnerability analysis, AI threat modeling, secure LLM integration patterns, and familiarity with NIST AI RMF or OWASP Top 10 for LLMs.
• 5-7 years of relevant experience in Application Security, AppSec engineering, Cloud Security, or Software Engineering.

Nice To Haves

• Certifications such as AWS Certified Security – Specialty CSSLP or CISSP Certified DevSecOps Expert (CDE) or equivalent
• A bachelor's degree in information security, Computer Science, or a related field, or equivalent experience.

Responsibilities

• Design and implement security architectures and controls for large-scale, cloud-native applications.
• Conduct in-depth risk assessments, including penetration testing and code reviews.
• Collaborate with developers and DevOps teams to integrate security at all stages of the software development lifecycle (SDLC).
• Drive security for AI-powered features by defining secure architectures, assessing AI/ML risks, and implementing advanced testing and controls for AI models, agents, and MCP servers.
• Identify areas of improvements in security tools and practices, and remediate the identified gap by implementing innovative solutions.
• Evaluate third‑party security tools and vendor‑provided controls for technical effectiveness, enterprise fit, and alignment with organization’s security architecture and standards.
• Collaborate with vendors to provide actionable technical feedback, drive product improvements, and ensure controls are implemented and configured appropriately for Bloomberg Industry Group’s environment.
• Build, improve, and scale security automation, integrating tooling across CI/CD pipelines and cloud platforms.
• Provide guidance to junior engineers and cross-functional teams on security best practices.
• Participate in incident response efforts and investigations into security incidents.
• Stay ahead of the curve by keeping informed of industry trends and emerging threats, applying this knowledge to continually improve security.