AppSec Jobs

Boomi

Code/Dev Security Engineer

Bengaluru South, Karnataka, India

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Boomi

Boomi is a cloud-native integration platform as a service (iPaaS) company founded in 2000. It specializes in connecting various systems, automating workflows, and utilizing AI for data management across SaaS, on-premise, and cloud applications. Acquired by Dell in 2010, Boomi has evolved into a multibillion-dollar organization, supporting over 18,000 global customers and facilitating more than 200 million integrations. The Boomi platform includes seven core elements designed for integration, automation, and data management. These features include a Master Data Hub for consolidating data, integration connectors for over 1,500 technologies, and tools for API management and workflow automation. Boomi AI enhances the platform by providing intelligent suggestions and faster deployments based on extensive integration patterns. The platform is scalable, catering to both small businesses and large enterprises, and focuses on improving efficiency and decision-making across organizations.

Industry

information technology & services

Employees

2,300

673 engineers

Revenue

$500M


Security at Boomi

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Boomi's stated AppSec mission is to implement information security controls to address security risks.
  • The company believes in balancing business and security, viewing security as a team sport.
  • Their risk philosophy involves a management process to frame, assess, respond to, and monitor risk, emphasizing internal knowledge-sharing for lessons learned.
  • Stated pain points include the constantly shifting nature of AI threats, requiring fluid security postures, and the goal to create security documentation.
  • A gap identified is the lack of a public, verbatim mission statement explicitly labeled 'Application Security' or 'AppSec'.

Security Team

Boomi's security organization collaborates with representatives throughout the company, aiming to be the most compliant company in its industry. The key public-facing leader is Carl Siva, Chief Information Security Officer and Vice President of Infrastructure, who describes his role as 'the plumbing, electrical, and the alarm system.' The team size is not publicly available, as no verifiable public source states AppSec headcount. As of, there are 3 security-related job postings visible on Boomi's careers page, including 'AI Security Engineer', 'AI Security Operations', and 'Cloud Security Engineer'. Common skill/tool patterns are not publicly available as detailed toolchains were not exposed in the retrieved job listings. A gap is that no public org chart or explicit reporting line for AppSec was found.

Key Initiatives

  • Boomi does not publicly provide evidence of a 'Security Champions Program'.
  • In terms of 'Shift Left' practices, they perform 'Code reviews and vulnerability assessments... in the development environment prior to release to production' and 'Arrange for Regular Security Workshops'.
  • Their vulnerability management process involves identifying 'Vulnerabilities... using a variety of sources/methods'.
  • Triage and remediation timeframes are 'calculated based on risk', and Boomi 'uses commercially reasonable efforts to design and implement vulnerability response processes'.
  • Secure SDLC artifacts include maintaining 'information Security Practices' and performing 'regular evaluations of your API security infrastructure'.
  • Recent initiatives (last 6 months) include Agentstudio addressing challenges in launching AI projects and protecting tools and data with secure, managed APIs.
  • A gap is the lack of a public, AppSec-specific runbook or SLA.
