At Black Duck, our Software Security and Quality business is all about building secure software—faster. That starts with our static analysis, software composition analysis, and dynamic analysis. So our customers can build security and quality into the DNA of their code at any stage of the software development lifecycle and across the supply chain. All while minimizing risks and maximizing speed of application development.

Professional Services Consulting, Senior Consultant

We’re looking for a for a full-time Security Senior Consultant to parachute in wherever software insecurity invades and to stomp out bugs and flaws wherever they hide.

Does this sound like a good role for you?

In this role, you need to go beyond traditional testing services to help our clients identify, remediate, and prevent vulnerabilities in the applications that power their business. You need to have a holistic approach to application security offers a balance of managed and professional services and products tailored to fit client’s specific needs. As a security professional you should have the ability to provide remediation guidance, program design services, and training that empower build and maintain secure applications.

Responsibilities include but not limited to the following:

• Ability to collaborate with project team members, take direction from the project lead and execute tasks consistently
• Can Conduct Source Code Analysis
• Can Conduct Software Penetration Testing
• Can Conduct Architecture Security Analysis
• Can Conduct Secure Software Design and Architecture analysis
• Conduct Database Security Analysis
• Knowledge on Network Security Analysis will be an added advantage
• Familiarity with at least Java or .Net (Should be able to read and understand enterprise code and write basic code)
• Experience with other languages (e.g. JavaScript, Python, Ruby, PHP, Perl, COBOL, SQL, or Assembly) (Desired)
• Familiarity with software security weakness, vulnerability and secure code review. Experience conducting secure code review is a plus
• Familiarity with security vulnerabilities and how those things appear in code
• Ability to look understand vulnerable code and security implications
• Basic knowledge of remediation of security issues
• Software architecture experience (web application, web services, API gateway, cloud native apps).
• Software development experience in Java / .NET / JavaScript / django / python.
• Software build process experience (e.g., Jenkins, TeamCity, Bamboo, TFS, maven, msbuild).
• Basic knowledge of Cloud computing in any of the Cloud platforms like AWS, Azure, GCP or Ali Cloud.
• Any professional certifications on these Cloud technologies or hands-on exposure of Cloud config reviews would be given preference.
• Prior exposure of Architecture review/Threat modeling of applications and relevant tools
• Hands-on exposure of Software Composition Analysis or familiarities with SCA tools like Blackduck.

Key Qualification

• Bachelor’s Degree in Computer Science, Engineering or equivalent. Master’s Degree preferred

Preferred Experience

• 2 to 5 yrs. of work experience in relevant role