Reports to:
Director, Offensive Security and Vulnerability ManagementThe Cybersecurity Team requires a new team member specializing in supply chain security to support strategic objectives focusing on 3rd party risk and compliance requirements.
The position will focus on identifying risks in 3rd party products (software, SaaS services, etc.), maintaining Bullish and supplier software bill of materials (SBOMs), performing configuration reviews of services, and working with 3rd party vendors to document and manage emerging risks. This position will also focus on securing the Bullish product supply chain, helping to secure Bullish source code and our build and deployment toolchains.
Role & Responsibilities:
Develop an industry leading supply chain security program focused on the detection, prevention and remediation of threats in the Bullish supply chain
Design and execute comprehensive, continuous security assessments (including code reviews, design reviews, and secure configuration reviews) across all third-party software products and Bullish's internal build/deploy toolchain to manage transitive risk
Implement guidelines and processes to facilitate the secure selection, procurement, and implementation of third-party services
Perform risk assessments and work with operations teams to strengthen the Bullish build and deploy technology stack
Develop automation around SBOM generation, maintenance, and the risk-prioritized triage/remediation of identified vulnerabilities
Manage key offensive security tooling, including static analysis, software composition analysis, SBOM management, and Javascript analysis solutions. This includes the triage and management of any detected security weaknesses
Assist with the orchestration of external penetration tests, when needed
Stay updated with emerging supply chain security threats and industry trends to further grow the program
Experience & Qualifications:
5+ years experience in cybersecurity. Preferably in Application Security, Penetration Testing, or Cloud Security Engineering
Operational DevOps experience (JIRA backlog management, ticket assignment, sprint management, etc.)
Ability to read and understand code. Prefer basic level of knowledge in JavaScript, C++, Rust, Go, Python, and Java
Must be comfortable writing code. Many tasks will require automation or custom coding
Experience using AI/LLM to assist with performing tasks and development
Hands-on experience in common DevOps/SecOps/DevSecOps and CI/CD technologies
Self-starts. Autonomous and self-directed. Need someone that can operate with minimal oversight
Basic understanding of Security frameworks such as ISO27001 and NIST CSF
Bachelors of Computer Science degree, or equivalent, depending on experience
Bullish is proud to be an equal opportunity employer. We are fast evolving and striving towards being a globally-diverse community. With integrity at our core, our success is driven by a talented team of individuals and the different perspectives they are encouraged to bring to work every day.