Product Security Analyst

India

Bloomreach

Bloomreach personalizes the ecommerce experience. With real-time data and AI, you can connect every customer with what they want to see. Be limitless.


Bloomreach is the world’s #1 Commerce Experience Cloud, empowering brands to deliver customer journeys so personalized, they feel like magic. It offers a suite of products that drive true personalization and digital commerce growth, including:

  • Discovery, offering AI-driven search and merchandising
  • Content, offering a headless CMS
  • Engagement, offering a leading CDP and marketing automation solutions

Together, these solutions combine the power of unified customer and product data with the speed and scale of AI-optimization, enabling revenue-driving digital commerce experiences that convert on any channel and every journey. Bloomreach serves over 850 global brands including Albertsons, Bosch, Puma, FC Bayern München, and Marks & Spencer. Bloomreach recently raised $175 million in a Series F funding round, bringing its total valuation to $2.2 billion. The investment was led by Goldman Sachs Asset Management with participation from Bain Capital Ventures and Sixth Street Growth. For more information, visit Bloomreach.com.

 

Become a Product Security Analyst for Bloomreach! Be a part of the GIST (Global Information Security & Technology) group and play an important role in helping us protect and secure our products and applications. Our company provides the best digital experience for the top international e-commerce companies. We partner and collaborate with our stakeholders in the Product and Engineering Teams and actively participate in the software development lifecycle to ensure our products are secure by design. Your work will impact hundreds of millions of consumers in the online space.

Responsibilities

  • Assist in implementation and maintenance of Secure Software Development Lifecycle (SSDLC) practices 
  • Review application architecture and design to provide security best practices
  • Build threat models and conduct risk assessments for new features and services
  • Create application threat models and provide guidance on effective countermeasures
  • Contribute to security policy, standards, and guidelines as they relate to Product Security
  • Evaluate and operationalize new technologies for securing the organization
  • Perform regular security assessments across a wide range of systems
  • Collaborate with internal and external stakeholders on matters relating to Product Security
  • Serve as the security point of contact for the organization with a focus on a particular product pillar

Requirements

  • Understanding of and familiarity with programming languages (Java, Python, and Go)
  • Functional understanding of Linux and Cloud Infrastructure (AWS, GCP)
  • Understanding of the Software Development Lifecycle and Agile methodology
  • Deep understanding of common security vulnerabilities as described in Common Weakness Enumeration, OWASP Top 10, and SANS 25 as well as their remediation
  • Good analytical, problem-solving, and interpersonal skills
  • Expertise in application security best practices
  • Ability to communicate effectively with both technical and non-technical stakeholders, including external clients and customers

Ideal Candidate Skillsets

  • Experience with application testing tools (Burp Suite, OWASP ZAP)
  • Experience managing a bug bounty program
  • Certifications: OSCP, OSWE, eWPT, GWAPT, Cloud Certifications
  • Working knowledge of API testing tools (Postman)

More things you'll like about Bloomreach:

Culture:

  • A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one. 

  • We have defined our 5 values and the 10 underlying key behaviors that we strongly believe in. We can only succeed if everyone lives these behaviors day to day. We've embedded them in our processes like recruitment, onboarding, feedback, personal development, performance review and internal communication. 

  • We believe in flexible working hours to accommodate your working style.

  • We work remote-first with several Bloomreach Hubs available across three continents.

  • We organize company events (summits) twice a year to experience the global spirit of the company and get excited about what's ahead.

  • We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer.

  • We have a friendly atmosphere and motivated colleagues who love what they do.

  • The Bloomreach Glassdoor page elaborates on our stellar 4.5/5 rating.

Personal Development:

  • We have a People Development Program: employees participate in weekly personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions.

  • Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins.

  • Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)

  • Our resident communication coach Ivo Večeřa is available to help navigate work-related communications & decision-making challenges.

Well-being:

  • The Employee Assistance Program -- with counselors -- is available for non-work-related challenges.

  • Subscription to Calm - sleep and meditation app.

  • We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones.

  • We facilitate sports, yoga, and meditation opportunities for each other.

Compensation:

  • Stock options are granted depending on a team member’s role, seniority, and location.

  • Everyone gets to participate in the company's success through the company performance bonus.

  • We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts.

  • We celebrate work anniversaries -- Bloomversaries!

 

If this position doesn't suit you, but you know someone who might be a great fit, share it - we will be very grateful!

 

 

Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of Bloomreach are considered property of Bloomreach and are not subject to payment of agency fees.


Tags: Agile APIs Application security Automation AWS Burp Suite Cloud E-commerce eWPT GCP GWAPT Java Linux OSCP OSWE OWASP PostMan Product security Python SANS Security assessment Vulnerabilities

Perks/benefits: Career development Equity Flex hours Salary bonus Team events Yoga

Region: Asia/Pacific
Country: India
Category: Analyst Jobs
