At Bluebeam, we empower people to advance the way the world is built. We create smart software solutions that make construction sites more efficient, connected and safe and improve the lives of design and construction professionals everywhere.
We are looking for a Senior Application Security Engineer to join our Information Security team. The Senior Application Security Engineer will be responsible for continuously improving and maintaining the application security of our cloud platform and products. The ideal candidate will have experience working in public and private-facing cloud SaaS environments and collaborating with and advising the Product, Development, and DevOps teams.
What you'll be doing:
- Serve as a subject matter expert on internal product security engineering questions/requests
- Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment.
- Work with Product and Engineering teams to help design secure products
- Perform and manage manual and automated vulnerability and penetration testing
- Work with developers to prioritize and remediate identified security vulnerabilities
- Lead efforts to implement and maintain security policies and remediation processes
- Balance security risk and product advancement within the parameters of the business
- Perform proactive research to detect new attack vectors
- Perform reactive incident response when a security event occurs
What we want to see in you:
- Have designed and implemented mitigations for common classes of bugs in a popular web framework before
- Have a knack for finding flaws in software and can efficiently communicate how to fix them
- Proven ability to communicate and educate engineering and architecture teams as to why security efforts are necessary and add value
- Can think like an attacker and use that context to develop threat models
- Has a deep understanding of web application architecture
- Experience with widely accepted vulnerability frameworks and guidance (i.e. CVSS, OWASP, NIST, etc.)
- Demonstrable experience scripting with languages like Python, PowerShell, bash, etc.
- Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53
- Experience with Application Security tools (static code analysis, dynamic scanning, WAF, etc.)
- Detailed understanding of common web application deployment models and components
- Ability to work in a fast-paced environment
- Ability to consider the context of the organization and environment to properly prioritize issues
- Ability to work well with other teams/functions with a positive attitude and respect.
- Can think about problems from an out-of-the box perspective, doesn't always default to industry norms
Things that will make us say “Wow”:
- Knowledge of web/application-layer security and attack vectors
- Experience with bug bounty programs
- Experience in Digital Forensics and Incident Response
If you think you are a good match for the Bluebeam team, please send us the following:
- Some sort of personalized introduction for us. This could be a cover letter, a few bullet points about yourself, a comic strip you’ve drawn - anything that tells us a bit about you AND why you want to work here.
The construction industry is adopting new technology at a feverish pace. Tablets and cell phones are replacing paper blueprints, drones are surveying jobsites in 3D, and cloud collaboration is changing the way teams work together. Bluebeam plays a crucial role in this transformation. The key to our success is a customer-focused approach to product development: we work with the industry to create solutions for the industry. Today, over 1.6 million people throughout the world use Bluebeam. In the US, we’re a critical partner for the majority of top AEC firms, and rapidly expanding our presence globally, with offices in Sweden, Germany and the UK.
Come design and build your future with us.
Bluebeam is proud to be an equal opportunity workplace. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status.