Application Security Engineer 3

Responsible for leading application security engineering efforts, designing scalable security architectures, performing advanced risk assessments, integrating security across the SDLC, driving AI‑related security controls, evaluating vendor solutions, scaling automation, and contributing to incident response and strategic security improvements.

About the Team:

Bloomberg Industry Group's Application Security team is focused on providing best-in-class security for all internal and external applications. We are constantly evolving our security practices to tackle modern-day threats and ensure our applications remain secure.

Job Summary:

As an Application Security Engineer III, you will lead security engineering initiatives, perform advanced risk assessments, and design scalable security controls across critical applications. You will serve as a subject matter expert (SME) in application, guiding engineering teams, influencing security strategy, and driving automation across the SDLC.

This role requires deep technical expertise, leadership potential, and the ability to shape long‑term Application Security direction.

What You Will Do:

• Design and implement security architectures and controls for large-scale, cloud-native applications.
• Conduct in-depth risk assessments, including penetration testing and code reviews.
• Collaborate with developers and DevOps teams to integrate security at all stages of the software development lifecycle (SDLC).
• Drive security for AI-powered features by defining secure architectures, assessing AI/ML risks, and implementing advanced testing and controls for AI models, agents, and MCP servers.
• Identify areas of improvements in security tools and practices, and remediate the identified gap by implementing innovative solutions.
• Evaluate third‑party security tools and vendor‑provided controls for technical effectiveness, enterprise fit, and alignment with organization's security architecture and standards.
• Collaborate with vendors to provide actionable technical feedback, drive product improvements, and ensure controls are implemented and configured appropriately for Bloomberg Industry Group's environment.
• Build, improve, and scale security automation, integrating tooling across CI/CD pipelines and cloud platforms.
• Provide guidance to junior engineers and cross-functional teams on security best practices.
• Participate in incident response efforts and investigations into security incidents.
• Stay ahead of the curve by keeping informed of industry trends and emerging threats, applying this knowledge to continually improve security.

You Need to Have:

• Deep expertise in application security, secure software design, and risk management, including frameworks such as OWASP ASVS, OWASP Top 10, and NIST 800‑53.
• Extensive experience conducting complex security assessments and building automated security controls for large engineering environments.
• Proficiency in multiple programming languages (e.g., Python, Java, JavaScript) and hands-on experience with SAST, DAST, SCA, IaC, container, and cloud security tools.
• Strong understanding of modern architectures (cloud-native, microservices, Kubernetes, containers, serverless) and DevSecOps processes.
• Advanced understanding of AI/ML security, including model vulnerability analysis, AI threat modeling, secure LLM integration patterns, and familiarity with NIST AI RMF or OWASP Top 10 for LLMs.
• 5-7 years of relevant experience in Application Security, AppSec engineering, Cloud Security, or Software Engineering.

We would Love to See:

• Certifications such as
• AWS Certified Security - Specialty
• CSSLP or CISSP
• Certified DevSecOps Expert (CDE) or equivalent
• A bachelor's degree in information security, Computer Science, or a related field, or equivalent experience.

Equal Opportunity

Bloomberg Industry Group maintains a continuing policy of non-discrimination in employment. It is Bloomberg Industry Group's policy to provide equal opportunity and access for all persons, and the Company is committed to attracting, retaining, developing, and promoting the most qualified individuals without regard to age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or maternity/parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law ("Protected Characteristic"). Bloomberg prohibits treating applicants or employees less favorably in connection with the terms and conditions of employment, in all phases of the employment process, because of one or more Protected Characteristics ("Discrimination").