Senior Application Security Engineer

We’re hiring on the Blackbaud Application Security team!

As a member of the Cyber Security organization at Blackbaud, the Application Security Engineer is a specialized position that plays a key role in securing software built and/or used by Blackbaud. You can expect to work closely with software development teams as well as third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications at Blackbaud. In addition to securing software, you will be expected to stay up-to-date on what’s happening in the Cyber Security industry in order to optimize and align our application security processes and systems throughout the Software Development Life Cycle (SDLC) at Blackbaud. The Application Security Engineering team focuses on building automation for security self-service and vulnerability management to reduce unnecessary toil.

What you will be doing:

1. Identifying solutions for difficult security problems while participating in a broader agile Application Security team.
2. Building comprehensive solutions to conduct consolidation, aggregation, and notification of security findings to respective stakeholders.
3. Conducting threat modeling, secure design reviews, and providing direct guidance to development teams.
4. Promoting, designing, and evaluating application security in all phases of the SDLC and constantly looking for innovative ways to improve processes.
5. Influencing, building, and assisting with information security challenges within applications.

What we'll want you to have:

1. You are either a security-minded software engineer who has been building modern services using a microservice architecture in an agile development environment or a development-interested security practitioner who understands security best practices, but wants to get closer to development and engineering.
2. 3+ years experience with open source and commercial application security testing and analysis tools for DAST, SAST, SCA, and Attack Surface Management, e.g. Burp Suite, OWASP Zap, Rapid 7 InsightAppSec, AppScan, Fortify, Checkmarx, Coverity, Semgrep, OWASP Dependency Check, Mend, Blackduck, OWASP Amass, Spiderfoot, and various programming language linters.
3. 3+ years experience with Python, Bash, and/or PowerShell.
4. 3+ years experience in integrating security solutions into CI-CD pipelines and automating tooling orchestration.
5. Experience partnering with development and systems engineers on impactful security initiatives.
6. Understanding of software development; how it is designed, built, and can be broken is critical.
7. Understand DevSecOps cultural mindsets, and an engineering-focused approach to solving complex security problems.
8. Strong verbal and written communication skills to translate security objectives and requirements to specific engineering outcomes.

The Application Security team at Blackbaud is committed to ensuring security issues are prevented, discovered, and remediated in collaboration with our engineering partners across the business.

If that description fits your approach to security, we’d love to chat with you about what you can do to help our mission!

LI-REMOTE

Blackbaud is a remote-first company which embraces a flexible remote work culture. Blackbaud supports hiring and career development for all roles from the location you are in today!