Career journal for

Security Engineers

Security work is mostly proving negatives. The breaches that did not happen are not on any dashboard, and at review time the impact is hard to make legible.

Bloomly is the career journal built for the moments the work actually happens, not the night before the review.

A captured day for a Security Engineer

1. 01

   9am: shipped the access-review automation; auditor signed off the same day.

2. 02

   1pm: threat-model review with the platform team; my comment on token rotation changed their direction.

3. 03

   3pm: incident response on a CVE; patched in 6 hours, post-mortem published.

4. 04

   5pm: trained 3 engineers on threat-modeling in a 45-minute session.

What a Security Engineer captures

• Vulnerabilities found and closed
• Audit findings remediated
• Threat models authored
• Security-tooling work
• Security-training and engineer-coaching

Led SOC 2 Type II prep (closed 11/12 prior findings). Authored threat model adopted across 4 services. Reduced critical-vuln MTTR 6 days to 18 hours.

Promotion rubric, mapped to capture

• Risk reduction outcomesCaptured automatically through dated entries, auto-tagged against this dimension, and surfaced in your generated Performance Report and Period Recap.
• Audit and compliance workCaptured automatically through dated entries, auto-tagged against this dimension, and surfaced in your generated Performance Report and Period Recap.
• Threat-model and assessment qualityCaptured automatically through dated entries, auto-tagged against this dimension, and surfaced in your generated Performance Report and Period Recap.
• Cross-team security partnershipCaptured automatically through dated entries, auto-tagged against this dimension, and surfaced in your generated Performance Report and Period Recap.