At Bluebeam, we empower people to advance the way the world is built. We create smart software solutions that make construction sites more efficient, connected and safe and improve the lives of design and construction professionals everywhere. 

We are looking for a Senior Application Security Engineer to join our Information Security team. The Senior Application Security Engineer will be responsible for continuously improving and maintaining the application security of our cloud platform and products. The ideal candidate will have experience working in public and private-facing cloud SaaS environments and collaborating with and advising the Product, Development, and DevOps teams. 

What you'll be doing: 

  • Serve as a subject matter expert on internal product security engineering questions/requests 
  • Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment 
  • Work with Product and Engineering teams to help design secure products 
  • Perform and manage manual and automated vulnerability and penetration testing 
  • Work with developers to prioritize and remediate identified security vulnerabilities 
  • Lead efforts to implement and maintain security policies and remediation processes 
  • Balance security risk and product advancement within the parameters of the business 
  • Perform proactive research to detect new attack vectors 
  • Perform reactive incident response when a security event occurs 

What we want to see in you: 

  • Bachelor’s degree plus 4 years of experience or Master’s degree with 2 years of experience 
  • Has a deep understanding of web application architecture  
  • Experience with Application Security tools (static code analysis, dynamic scanning, WAF, etc.)  
  • Detailed understanding of common web application deployment models and components  
  • Have a knack for finding flaws in software and can efficiently communicate how to fix them 
  • Proven ability to communicate and educate engineering and architecture teams as to why security efforts are necessary and add value 
  • Can think like an attacker and use that context to develop threat models 
  • Experience and familiarity with widely accepted vulnerability frameworks and guidance (i.e., CVSS, OWASP, NIST, etc.) 
  • Demonstrable experience scripting with languages like Python, PowerShell, bash, etc. to create and automate security controls 
  • Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53 
  • Ability to work in a fast-paced environment 
  • Ability to consider the context of the organization and environment to properly prioritize issues 
  • Ability to work well with other teams/functions with a positive attitude and respect 
  • Can think about problems from an out-of-the box perspective, doesn't always default to industry norms 

Things that will make us say “Wow”: 

  • Experience designing and architecting secure native cloud applications 
  • Knowledge of web/application-layer security and attack vectors 
  • Experience with running and/or managing bug bounty programs 
  • Experience in Digital Forensics and Incident Response 

If you think you are a good match for the Bluebeam team, please send us the following: 

  • Resume 
  • Some sort of personalized introduction for us. This could be a cover letter, a few bullet points about yourself, a comic strip you’ve drawn - anything that tells us a bit about you AND why you want to work here. 

What We Offer

  • People-focused, entrepreneurial start-up culture with the backing of a stable, global, corporate entity - Nemetschek
  • Competitive compensation and benefits package (medical, dental, education reimbursement, 401k, wellness resources)
  • Work-life balance fostered through a culture of diversity, inclusion, and appreciation of individual lifestyle needs
  • You will have the opportunity for continuous professional development

About Bluebeam 

The construction industry is adopting new technology at a feverish pace. Tablets and cell phones are replacing paper blueprints, drones are surveying jobsites in 3D, and cloud collaboration is changing the way teams work together. Bluebeam plays a crucial role in this transformation. The key to our success is a customer-focused approach to product development: we work with the industry to create solutions for the industry. Today, over 2 million people throughout the world use Bluebeam. In the US, we’re a critical partner for the majority of top AEC firms, and rapidly expanding our presence globally, with offices in Sweden, Germany and the UK.  

Come design and build your future with us. 

Bluebeam is proud to be an equal opportunity workplace. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status. 


#LI-NS1 #LI-Remote 

Apply for this Job

* Required


Optional Demographic Questions

You may be thinking…what do these questions have to do with me getting a job? Well, to be frank...nothing. These questions are kept private from the Recruiters and Hiring Managers who participate in Bluebeam’s recruitment process for the position to which you’re applying. They are in no way attached to an individual’s name or candidate profile. The below questions are used so Bluebeam can better understand the gaps in our applicant pool or application process and implement positive changes to ensure all people have equal opportunity and feel welcome at Bluebeam. And of course, these questions are optional. If you don't want to answer them, that's alright with us.

Which category below includes your age?

Please check one of the descriptions that corresponds to the group with which you identify most.

Please select the gender you identify with most.

Do you identify as transgender?

Do you have a disability?

Do you identify as a United States veteran?