Professional Services Consulting, Sr Staff Consultant

Black Duck

Sales & Business Development
Bengaluru, Karnataka, India
Posted on Jun 16, 2025

Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

At Black Duck, our Software Security and Quality business is all about building secure software—faster. That starts with our static analysis, software composition analysis, and dynamic analysis. So our customers can build security and quality into the DNA of their code at any stage of the software development lifecycle and across the supply chain. All while minimizing risks and maximizing speed of application development.
Professional Services Consulting, Senior Consultant
We’re looking for a full-time Security Senior Staff Consultant to parachute in wherever software insecurity invades and to stomp out bugs and flaws wherever they hide. Our consultants make themselves and their team indispensable advisors to our customers: they build the relationships that help create and identify follow-on assignments. You will also serve as a subject matter expert (SME) in multiple domains of application and infrastructure security, ensuring that high-quality assessments and recommendations are delivered to clients.
Does this sound like a good role for you? In this role, you must demonstrate your capabilities to plan and lead execution for the below areas:
Technical Delivery/Domain Knowledge:
  • Lead the end-to-end delivery of multiple concurrent security projects, ensuring timely completion of milestones and actionable outputs for clients.
  • Act as a trusted advisor to clients, helping them understand and implement secure software development practices.
  • Serve as a subject matter expert in at least 2–3 security domains such as:
    • Web Application & API Penetration Testing
    • Mobile Application Security Testing
    • Infrastructure Pentesting / Red Team Assessments
    • Source Code Review (SAST)
    • Software Composition Analysis (SCA)
    • Cloud Config Reviews (AWS/Azure/GCP)
    • Architecture Security Reviews / Threat Modeling
    • Pentest of AI/ML integrated applications
  • Provide technical oversight to project teams and ensure adherence to defined methodologies, quality standards, and best practices.
  • Participate in client presentations, delivery review meetings, and strategic planning sessions related to application security.
  • Contribute to the development of internal tools, templates, methodologies, and technical knowledge base.
  • Mentor and support junior consultants in both technical skills and client communication.
Project Management & Delivery:
  • Oversee Security Projects: Manage multiple client security projects, ensuring timely delivery, resource allocation, and budget management.
  • Client Engagement: Collaborate with clients to understand their security needs and provide tailored solutions. Proactively understand client needs and remain committed to fulfilling them.
  • Client Reporting: Deliver detailed reports and presentations on security assessments, findings, and remediation plans to stakeholders.
Team Contributions/Support: Train and mentor junior consultants and team members so they can deliver our practice offerings, develop consulting skills, and take on technical oversight in due course. Contribute to client-specific needs within your team by sharing thoughts and ideas and promoting camaraderie.
You should be able to help team members scope assessments as per the service definition guidelines laid down by the practice and flag scope violations as needed.
Initiative Management and Automation:
  • Work with global practice teams and product management teams to develop new solutions/offerings that address clients' emerging needs.
  • Work on the competitive landscape, define the value proposition, and participate in client discussions.
  • Define benchmarks and contribute to institutionalization across practices and locations.
  • Define and participate in POC strategy and conduct POCs.
  • Lead internal initiatives and recruitment events from a technical standpoint.
Commercial Orientation: Should have basic knowledge of PA/SOW and understand the scope and terms and conditions. Understands scope, defines size, estimates effort and schedule, and defines scope assumptions. Understands potential cross-sell/upsell opportunities, involves the client management team as needed to take the lead forward, and remains committed to providing support during the pre-sales cycle.
Desired Skills:
Technical Skills: As a Senior Staff Consultant, you are expected to possess practical, hands-on expertise in most of the skills listed below. Additionally, you should be able to demonstrate subject matter expert (SME) proficiency and lead engagements in at least 3-4 of the outlined technical domains.
  • Experienced in Web/API/Web Services Penetration Testing
  • Experienced in Mobile Application Penetration Testing (iOS and Android)
  • Experienced in Infrastructure Pentest and Hardening
  • Red Team Analysis (including network, wireless, physical, and social engineering techniques)
  • Experienced in Secure Code Analysis (Java, .NET, PHP, C/C++, Objective-C, Swift, Kotlin, Go etc.).
  • Familiarity with Software Composition Analysis and Supply Chain Security concepts
  • Cloud Security (AWS/GCP/Azure/Ali cloud)
  • Architecture Security Analysis and Threat Modelling
  • Working understanding of 1-2 scripting languages
  • Experience in reverse engineering is a plus
  • Experience in AI/ML Pentest and Threat modelling would be a plus
Must have hands-on knowledge of tools:
Burp Suite (Repeater/Intruder/Collaborator/ATOR/Autorize), Nmap, Kali Linux, Nessus, sqlmap
Must be familiar with risk rating methodologies such as: CVSSv3, CVSSv4, NIST
Consulting Skills:
  • Ability to interface with clients, utilizing consulting and negotiating skills
  • Ability to undertake and complete tasks autonomously
  • Meet schedules and delivery timelines, and to move swiftly from concepts and theory to action
  • Enthusiasm and commitment
  • Professional interpersonal skills and an entrepreneurial drive
  • Written communication skills for use in preparing formal documentation.
  • Verbal skills that include the ability to clearly articulate thoughts and to deliver presentations.
  • Willingness to travel 20-50%
Key Qualification
  • Bachelor’s degree in Computer Science, Engineering or equivalent. Master’s degree preferred
  • Any relevant certifications such as OSCP, CISSP, CEH, CRTP etc. are a plus
Preferred Experience: 8 to 12 years of work experience in a relevant role.

Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. In addition, Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.