Senior Staff Software Engineer - Java

Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

About Seeker Product:

Seeker is one of, if not the, best Interactive Application Security Testing, or IAST, solutions out there today.

If you aren’t familiar with IAST, in a nutshell it means that we instrument the customer’s application and rewrite the code in runtime to inject callbacks in relevant places. This allows us to very accurately track what code is being executed and follow the data flow through the application.

It’s a similar technique to what profilers or APM tools do. The main difference is that they use instrumentation to track boring things like performance and we use it to track interesting things like security vulnerabilities.

Seeker® is the industry's first interactive application security testing (IAST) software solution with active verification and sensitive-data tracking for web-based applications.

 Seeker's IAST solutions help development, QA, DevOps, and security teams automate the security testing of modern web applications and services.

It saves you valuable time, resources, and costs by enabling your developers to fix critical security flaws early in the SDLC.

What you will do:

Seeker is the most pertinent and accurate application security solution today. It uses groundbreaking technology to identify security vulnerabilities in web applications and report them back to the customer in an easy-to-use fashion.

More info at https://www.blackduck.com/interactive-application-security-testing

What we’re looking for:

• Masters’ or Bachelor’s or Degree in Computer Science or equivalent work experience
• Excellent problem solving skills; strong logical reasoning and solution oriented thinking
• Eager and capable of learning new technologies as necessary
• Team player and able to work independently with minimal supervision
• At least 9+ years related experience in one of the following – Java, Spring boot, Micro services.
• Solid understanding of web technologies (protocols, frameworks), e.g. http/s, JSON, JWT, etc.
• Experience with architecture of web servers
• Security expertise – Advantage
• Experience with instrumentation - Advantage
• Experience with Linux/Unix OS - Advantage
• Experience in Docker – Advantage

You will join the team in charge of Seeker’s Agents – the components that use instrumentation to find security vulnerabilities. The role includes the following responsibilities:

• Taking full ownership on product features
• Ensuring state-of-the-art code is being written along with proper testing suites
• Taking deep dives to resolve complex technical issues

Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. In addition, Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.