At Bluebeam, we empower people to advance the way the world is built. We create smart software solutions that make construction sites more efficient, connected and safe and improve the lives of design and construction professionals everywhere.

We are looking for a Senior Application Security Engineer to join our Information Security team. The Senior Application Security Engineer will be responsible for continuously improving and maintaining the application security of our cloud platform and products. The ideal candidate will have experience working in public and private-facing cloud SaaS environments and collaborating with and advising the Product, Development, and DevOps teams.

What you'll be doing:

  • Serve as a subject matter expert on internal product security engineering questions/requests
  • Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment.
  • Work with Product and Engineering teams to help design secure products
  • Perform and manage manual and automated vulnerability and penetration testing
  • Work with developers to prioritize and remediate identified security vulnerabilities
  • Lead efforts to implement and maintain security policies and remediation processes
  • Balance security risk and product advancement within the parameters of the business
  • Perform proactive research to detect new attack vectors
  • Perform reactive incident response when a security event occurs

What we want to see in you:

  • Have designed and implemented mitigations for common classes of bugs in a popular web framework before
  • Have a knack for finding flaws in software and can efficiently communicate how to fix them
  • Proven ability to communicate and educate engineering and architecture teams as to why security efforts are necessary and add value
  • Can think like an attacker and use that context to develop threat models
  • Has a deep understanding of web application architecture
  • Experience with widely accepted vulnerability frameworks and guidance (i.e. CVSS, OWASP, NIST, etc.)
  • Demonstrable experience scripting with languages like Python, PowerShell, bash, etc.
  • Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53
  • Experience with Application Security tools (static code analysis, dynamic scanning, WAF, etc.)
  • Detailed understanding of common web application deployment models and components
  • Ability to work in a fast-paced environment
  • Ability to consider the context of the organization and environment to properly prioritize issues
  • Ability to work well with other teams/functions with a positive attitude and respect.
  • Can think about problems from an out-of-the box perspective, doesn't always default to industry norms

Things that will make us say “Wow”:

  • Knowledge of web/application-layer security and attack vectors
  • Experience with bug bounty programs
  • Experience in Digital Forensics and Incident Response


If you think you are a good match for the Bluebeam team, please send us the following:

  • Resume
  • Some sort of personalized introduction for us. This could be a cover letter, a few bullet points about yourself, a comic strip you’ve drawn - anything that tells us a bit about you AND why you want to work here.


About Bluebeam

The construction industry is adopting new technology at a feverish pace. Tablets and cell phones are replacing paper blueprints, drones are surveying jobsites in 3D, and cloud collaboration is changing the way teams work together.  Bluebeam plays a crucial role in this transformation. The key to our success is a customer-focused approach to product development: we work with the industry to create solutions for the industry. Today, over 1.6 million people throughout the world use Bluebeam. In the US, we’re a critical partner for the majority of top AEC firms, and rapidly expanding our presence globally, with offices in Sweden, Germany and the UK.

Come design and build your future with us.

Bluebeam is proud to be an equal opportunity workplace. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status.



Apply for this Job

* Required


Optional Demographic Questions

You may be thinking…what do these questions have to do with me getting a job? Well, to be frank...nothing. These questions are kept private from the Recruiters and Hiring Managers who participate in Bluebeam’s recruitment process for the position to which you’re applying. They are in no way attached to an individual’s name or candidate profile. The below questions are used so Bluebeam can better understand the gaps in our applicant pool or application process and implement positive changes to ensure all people have equal opportunity and feel welcome at Bluebeam. And of course, these questions are optional. If you don't want to answer them, that's alright with us.

Which category below includes your age?

Please check one of the descriptions that corresponds to the group with which you identify most.

Please select the gender you identify with most.

Do you identify as transgender?

Do you have a disability?

Do you identify as a United States veteran?