Since 2002, Bluebeam has gained the trust of more than 1.3 million design and construction professionals worldwide trust that use our product, Bluebeam Revu, to get more done in less time. And when your software is vital to the largest building and infrastructure projects in the works, security is a top priority.
Bluebeam is looking for a Senior Application Security Engineer to join our Information Security team. The Senior Application Security Engineer will be responsible for continuously improving and maintaining the application security of our cloud platform and products. The ideal candidate will have experience working in public and private-facing cloud SaaS environments and collaborating with and advising the Product, Development, and DevOps teams.
What you'll be doing:
- Serve as a subject matter expert on internal product security engineering questions/requests
- Build and automate secure SDLC controls and best practices in an agile, CI/CD-focused environment.
- Work with Product and Engineering teams to help design secure products
- Perform and manage manual and automated vulnerability and penetration testing
- Work with developers to prioritize and remediate identified security vulnerabilities
- Lead efforts to implement and maintain security policies and remediation processes
- Balance security risk and product advancement within the parameters of the business
- Perform proactive research to detect new attack vectors
- Perform reactive incident response when a security event occurs
What we want to see in you:
- Have designed and implemented mitigations for common classes of bugs in a popular web framework before
- Have a knack for finding flaws in software and can efficiently communicate how to fix them
- Proven ability to communicate and educate engineering and architecture teams as to why security efforts are necessary and add value
- Can think like an attacker and use that context to develop threat models
- Has a deep understanding of web application architecture
- Experience with widely accepted vulnerability frameworks and guidance (i.e. CVSS, OWASP, NIST, etc.)
- Demonstrable experience scripting with languages like Python, PowerShell, bash, etc.
- Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53
- Experience with Application Security tools (static code analysis, dynamic scanning, WAF, etc.)
- Detailed understanding of common web application deployment models and components
- Ability to work in a fast-paced environment
- Ability to consider the context of the organization and environment to properly prioritize issues
- Ability to work well with other teams/functions with a positive attitude and respect.
- Can think about problems from an out-of-the box perspective, doesn't always default to industry norms
Things that will make us say “Wow”:
- Knowledge of web/application-layer security and attack vectors
- Experience with bug bounty programs
- Experience in Digital Forensics and Incident Response
If you think you are a good match for the Bluebeam team, please send us the following:
- Some sort of personalized introduction for us. This could be a cover letter, a few bullet points about yourself, a comic strip you’ve drawn - anything that tells us a bit about you AND why you want to work here.
Bluebeam is proud to be an equal opportunity workplace. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status.