Senior Staff Software Engineer - Java, Java internals
Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
About Black Duck:
We are a software security product development organization. Black Duck is a market leader in AppSec (Application Security): https://www.blackduck.com/company.html
We have a head office in Burlington, Massachusetts, USA. We are present in around 18 countries, including India (Bangalore).
We have a storied past, but we’re driven by the future. We led the movement to adopt open-source software safely and securely at scale. We’ve helped organizations in every industry build trust in their software by securing it at the pace their business demands, whether in the cloud or on premises. We grew into the most comprehensive and respected provider of application security testing (AST) solutions in the world, including being the seven-time Leader in the Gartner® Magic Quadrant™ for AST.
Black Duck meets the demands of modern business with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world.
About Seeker Product:
Seeker is one of, if not the, best Interactive Application Security Testing, or IAST, solutions out there today.
If you aren’t familiar with IAST, in a nutshell it means that we instrument the customer’s application and rewrite the code in runtime to inject callbacks in relevant places. This allows us to very accurately track what code is being executed and follow the data flow through the application.
It’s a similar technique to what profilers or APM tools do. The main difference is that they use instrumentation to track boring things like performance and we use it to track interesting things like security vulnerabilities.
Seeker® is the industry's first interactive application security testing (IAST) software solution with active verification and sensitive-data tracking for web-based applications.
Seeker's IAST solutions help development, QA, DevOps, and security teams automate the security testing of modern web applications and services.
It saves you valuable time, resources, and costs by enabling your developers to fix critical security flaws early in the SDLC.
What you will do:
Seeker is the most pertinent and accurate application security solution today. It uses groundbreaking technology to identify security vulnerabilities in web applications and report them back to the customer in an easy-to-use fashion.
More info at https://www.blackduck.com/interactive-application-security-testing
What we’re looking for:
- Master’s or Bachelor’s degree in Computer Science or equivalent work experience
- Excellent problem-solving skills; strong logical reasoning and solution-oriented thinking
- Eager and capable of learning new technologies as necessary
- Team player and able to work independently with minimal supervision
- 10+ years of related experience in one of the following: Java, Spring Boot, microservices
- Solid understanding of multithreading in Java and of Java internals; ability to identify performance issues and carry out performance tuning
- Solid exposure to instrumentation, profiling, garbage collection, code generation, and bytecode manipulation
- Solid understanding of web technologies (protocols, frameworks), e.g. HTTP/S, JSON, JWT, etc.
- Experience with the architecture of web servers
- Knowledge of working with any of these tools will be an advantage: OpenText, Sonar, Checkmarx, Viking Cloud (Veracode)
- Security expertise – Advantage
- Experience with instrumentation - Advantage
- Experience with Linux/Unix OS - Advantage
- Experience in Docker – Advantage
You will join the team in charge of Seeker’s Agents – the components that use instrumentation to find security vulnerabilities. The role includes the following responsibilities:
- Taking full ownership of product features
- Ensuring state-of-the-art code is being written along with proper testing suites
- Taking deep dives to resolve complex technical issues
Black Duck considers all applicants for employment without regard to race, color, religion, sex, gender preference, national origin, age, disability, or status as a Covered Veteran in accordance with federal law. In addition, Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.