Senior Cyber Security Application Security Engineer

We’re hiring on the Blackbaud Application Security team!

As a member of the Cyber Security organization at Blackbaud, the Application Security Engineer is a specialized position that plays a key role in securing software built andor used by Blackbaud. You can expect to work closely with software development teams as well as thirdparty organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications at Blackbaud. In addition to securing software, you will be expected to stay up to date on what’s happening in the Cyber Security industry to optimize and align our application security processes and systems throughout the Software Development Life Cycle (SDLC) at Blackbaud. The Application Security Engineering team focuses on building automation for security selfservice and vulnerability management to reduce unnecessary toil.

What you will be doing:

• Identifying solutions for difficult security problems while participating in a broader agile Application Security team.

  Building comprehensive solutions to conduct consolidation, aggregation, and notification of security findings to respective stakeholders.

  Conducting threat modeling, secure design reviews, and providing direct guidance to development teams.

  Promoting, designing, and evaluating application security in all phases of the SDLC and constantly looking for innovative ways to improve processes.

  Influencing, building, and assisting with information security challenges within applications.

  What well want you to have:

  You are either a securityminded software engineer who has been building modern services using a microservice architecture in an agile development environment or a developmentinterested security practitioner who understands security best practices but wants to get closer to development and engineering.

  • 5+ plus years of experience with application security and relevant testing tools for:

    • DAST: Burp Suite, OWASP Zap, Invicti, AppScan

      SASTSCA: Fortify, Checkmarx, Coverity, Semgrep, OWASP Dependency Check, Mend, Blackduck

      Attack Surface Management: OWASP Amass, Spiderfoot, CyCognito

      • 3+ years of experience with Python, Bash, andor PowerShell.

        3+ years of experience in DevSecOps integrating security solutions into CICD pipelines and automated tooling orchestration.

        Relevant certifications include CompTIA Security+ or CASP+, EC Council CEH, ISC2 CSSLP are a plus.

        Experience partnering with development and systems engineers on impactful security initiatives.

        Understanding of software development; how applications and systems are designed, built, and break is critical.

        Understand DevSecOps cultural mindsets, and an engineeringfocused approach to solving complex security problems.

        Strong verbal and written communication skills to translate security objectives and requirements to specific engineering outcomes.

        The Application Security team at Blackbaud is committed to ensuring security issues are prevented, discovered, and remediated in collaboration with our engineering partners across the business.

        Stay up to date on everything Blackbaud, follow us on Linkedin, X, Instagram, Facebook and YouTube ​

        Blackbaud is a digitalfirst company which embraces a flexible remote or hybrid work culture. Blackbaud supports hiring and career development for all roles from the location you are in today!

        Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.