Senior Application Security Engineer


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Black Duck Software Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

Senior Application Security Consultant

We're seeking a Senior Application Security Consultant with deep expertise in software security, secure development practices, governance, and framework-driven transformation. In this role, you will lead client engagements to assess Application Security Programs (AppSec) against industry frameworks and deliver strategic roadmaps that help organizations build, scale, and measure their secure software development capabilities. This position blends strategic consulting, technical governance, and development lifecycle expertise to translate assessment findings into actionable, measurable programs aligned with frameworks such as BSIMM and NIST SSDF.

Key Responsibilities

  • Lead AppSec Program maturity assessments using frameworks like BSIMM, NIST SSDF, and OWASP SAMM, including stakeholder interviews, evidence collection, and scoring.
  • Design and deliver Strategic Roadmaps outlining target states, 1236-month plans, resource needs, and success metrics.
  • Facilitate workshops with executive, engineering, and AppSec leadership to align initiatives with organizational risk and compliance goals.
  • Deliver compelling executive-level presentations and recommendations to CISOs, CTOs, and software leadership teams.
  • Contribute to internal tools and accelerators (e.g., maturity scoring tools, roadmap templates, reporting dashboards).
  • Support thought leadership through whitepapers, webinars, and conference presentations on secure software development and governance.

Qualifications

Must have:

  • 5-8 years of experience in application security, software assurance, or product security consulting.
  • Strong knowledge of frameworks such as BSIMM, NIST SSDF, or OWASP SAMM.
  • Experience with Open-Source Software (OSS) security, including identification, tracking, and remediation of vulnerabilities in third-party components.
  • Familiarity with Software Bill of Materials (SBOM) standards and tools (e.g., SPDX, CycloneDX) and their role in software supply chain transparency and compliance.
  • Proven experience in developing or executing maturity models, capability assessments, or multi-year roadmaps for AppSec or DevSecOps programs.
  • Hands-on experience with secure software development practices, including familiarity with SDLC, CI/CD pipelines, and code-level security controls.
  • Excellent verbal and written communication skills, with the ability to translate technical findings into clear, executive-level narratives and actionable plans.
  • Strong presentation and facilitation skills in client-facing environments.

Nice to have:

  • Prior consulting experience with a Big Four, boutique AppSec consultancy, or internal software security governance team.
  • Experience in software supply chain risk management (SSCRM), AI/ML assurance, or DevSecOps pipeline design.
  • Background in software development (e.g., Java, Python, C#) and experience working within secure SDLCs.
  • Industry certifications such as CEH, CISSP, CISM, or equivalent.

What You'll Deliver

  • Comprehensive AppSec Program Roadmaps, maturity assessments, and framework-aligned reports.
  • Visuals and documentation for capability maturity models and strategic planning.
  • Executive summaries and strategic recommendations tailored to leadership audiences.

Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. In addition, Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.


Required Experience:

Senior IC


Key Skills

  • Continuous Integration
  • SQL
  • .NET
  • Debugging
  • C/C++
  • Go
  • Root cause Analysis
  • ASP.NET
  • C#
  • Application Development
  • JavaScript
  • Teradata

About Company

Build high-quality, secure software with application security testing tools and services from Black Duck. We are a Gartner Magic Quadrant Leader in AppSec.