Senior Cyber Security Application Security Engineer

We're hiring on the Blackbaud Application Security team

As a member of the Cyber Security organization at Blackbaud, the Application Security Engineer is a specialized position that plays a key role in securing software built and/or used by Blackbaud. You can expect to work closely with software development teams as well as third-party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications at Blackbaud. In addition to securing software, you will be expected to stay up to date on what's happening in the Cyber Security industry to optimize and align our application security processes and systems throughout the Software Development Life Cycle (SDLC) at Blackbaud. The Application Security Engineering team focuses on building automation for security self-service and vulnerability management to reduce unnecessary toil.

What you will be doing:

• Identifying solutions for difficult security problems while participating in a broader agile Application Security team.
• Building comprehensive solutions to conduct consolidation, aggregation, and notification of security findings to respective stakeholders.
• Conducting threat modeling, secure design reviews, and providing direct guidance to development teams.
• Promoting, designing, and evaluating application security in all phases of the SDLC and constantly looking for innovative ways to improve processes.
• Influencing, building, and assisting with information security challenges within applications.

What we'll want you to have:

You are either a security-minded software engineer who has been building modern services using a microservice architecture in an agile development environment or a development-interested security practitioner who understands security best practices but wants to get closer to development and engineering.

• 5+ plus years of experience with application security and relevant testing tools for:

• DAST: Burp Suite, OWASP Zap, Invicti, AppScan

• SAST/SCA: Fortify, Checkmarx, Coverity, Semgrep, OWASP Dependency Check, Mend, Blackduck
• Attack Surface Management: OWASP Amass, Spiderfoot, CyCognito
• 3+ years of experience with Python, Bash, and/or PowerShell.
• 3+ years of experience in DevSecOps integrating security solutions into CI-CD pipelines and automated tooling orchestration.
• Relevant certifications include CompTIA Security+ or CASP+, EC Council CEH, ISC2 CSSLP are a plus.
• Experience partnering with development and systems engineers on impactful security initiatives.
• Understanding of software development; how applications and systems are designed, built, and break is critical.
• Understand DevSecOps cultural mindsets, and an engineering-focused approach to solving complex security problems.
• Strong verbal and written communication skills to translate security objectives and requirements to specific engineering outcomes.

The Application Security team at Blackbaud is committed to ensuring security issues are prevented, discovered, and remediated in collaboration with our engineering partners across the business.

Stay up to date on everything Blackbaud,

Blackbaud is a digital-first company which embraces a flexible remote or hybrid work culture. Blackbaud supports hiring and career development for all roles from the location you are in today

Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.