Professional Services Consulting, Sr Staff Consultant

Black Duck Software Inc. helps organizations build secure high-quality software minimizing risks while maximizing speed and productivity. Black Duck a recognized pioneer in application security provides SAST SCA and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code open source components and application behavior. With a combination of industry-leading tools services and expertise only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

• Lead theend-to-end deliveryof multiple concurrent security projects ensuring timely completion of milestones and actionable outputs for clients.
• Act as atrusted advisorto clients helping them understand and implement secure software development practices.
• Serve as a subject matter expert in at least 23 security domains such as:
• Web Application & API Penetration Testing
• Mobile Application Security Testing
• Infrastructure Pentesting / Red Team Assessments
• Source Code Review (SAST)
• Software Composition Analysis (SCA)
• Cloud Config Reviews (AWS/Azure/GCP)
• Architecture Security Reviews / Threat Modeling
• Pentest of AI/ML integrated applications
• Provide technical oversight to project teams and ensure adherence to defined methodologies quality standards and best practices.
• Participate in client presentations delivery review meetings and strategic planning sessions related to application security.
• Contribute to the development of internal tools templates methodologies and technical knowledge base.
• Mentor and support junior consultants in both technical skills and client communication.

• Oversee Security Projects:Manage multiple client security projects ensuring timely delivery resource allocation and budget management.
• Client Engagement:Collaborate with clients to understand their security needs and provide tailored solutions. Proactively understands client needs and remain committed towards fulfilling client needs.
• Client Reporting:Deliver detailed reports and presentations on security assessments findings and remediation plans to stakeholders.

• Work with global practice teams product management teams to develop new solutions/offerings to address client emerging needs.
• Work on competitive landscape define value proposition participate in client discussions
• Defines benchmarks contributes to institutionalization across practices locations.
• Defines and participates in POC strategy and conduct POC
• Leads internal initiatives recruitment events from technical standpoint

• Experienced in Web/API/Web Services Penetration Testing
• Experienced in Mobile Application Penetration Testing (iOS and Android)
• Experienced in Infrastructure Pentest and Hardening
• Red Team Analysis (including network wireless physical and social engineering techniques)
• Experienced in Secure Code Analysis (Java .NET PHP C/C Objective-C Swift Kotlin Go etc.).
• Familiarity with Software Composition Analysis and Supply Chain Security concepts
• Cloud Security (AWS/GCP/Azure/Ali cloud)
• Architecture Security Analysis and Threat Modelling
• Working understanding of 1-2 scripting languages
• Experience in reverse engineering is a plus
• Experience in AI/ML Pentest and Threat modelling would be a plus

• Ability to interface with clients utilizing consulting and negotiating skills
• Ability to undertake and complete tasks autonomously
• Meet schedules and delivery timelines and to move swiftly from concepts and theory to action
• Enthusiasm and commitment
• Professional interpersonal skills and an entrepreneurial drive
• Written communication skills for use in preparing formal documentation.
• Verbal skills that include the ability to clearly articulate thoughts and to deliver presentations.
• Willingness to travel 20-50%

• Bachelors degree in Computer science Engineering or equivalent. Masters Degree preferred
• Any relevant certifications such as OSCP CISSP CEH CRTP etc. is a plus

Black Duck considers all applicants for employment without regard to race color religion sex gender preference national origin age disability or status as a Covered Veteran in accordance with federal law. In addition Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.