Application Security Engineer
It's fun to work in a company where people truly believe in what they're doing!
At Blackline, we're committed to bringing passion and customer focus to the business of enterprise applications.
Since being founded in 2001, BlackLine has become a leading provider of cloud software that automates and controls the entire financial close process. Our vision is to modernize the finance and accounting function to enable greater operational effectiveness and agility, and we are committed to delivering innovative solutions and services to empower accounting and finance leaders around the world to achieve Modern Finance.
BlackLine empowers our team members to be change agents and is always seeking new and innovative ways to solve problems. We are experiencing explosive growth and looking for passionate and talented people to join our team.
In collaboration with development and architecture teams, the Application Security Engineer will define security controls in BlackLine’s software, identify and prioritize vulnerabilities in the application, databases, and related infrastructure components, provide resolution guidance to the development team, perform source code reviews, conduct application security tests, monitor security events and audit trails, and respond to incidents. This position will also be responsible for educating and mentoring developers on secure coding and application security best practices.
Make Your Mark:
- Identify risks and areas of exposure in applications developed and/or used by BlackLine.
- Perform security reviews of source code, stored procedures, and server/service configurations.
- Define and document application security requirements for BlackLine applications.
- Oversee development of security components throughout all stages of the SDLC.
- Perform manual and automated security testing of BlackLine applications.
- Monitor application logs and audit trails.
- Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
- Educate developers on secure coding techniques and security best practices.
- Participate in the development of security policies, standards, and processes.
- Participate in incident handling and perform application-related forensics activities.
- Perform other duties as assigned.
What You'll Bring:
- 2+ years of hands-on application security experience.
- Hands-on development experience and thorough understanding of object-oriented programming, preferably Java, C#, ASP.NET.
- Advanced knowledge of web application technologies, MVC, Ajax, XML, SOA, SSL, web-related protocols, and services.
- Intermediate knowledge of MS SQL. Basic knowledge of other commonly-used RDBMS.
- Ability to identify security vulnerabilities from source code reviews and testing.
- Knowledge of encryption technologies, secure communications, and secure credentials management.
- Intermediate proficiency with C/C++ or Java. Experience with lower-level languages (Assembly), debug and reverse-engineering tools (IDA, etc.) is a plus.
- Advanced knowledge of common application vulnerabilities, (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
- Intimate familiarity with web application testing tools (eg: Burp, Parox, Fiddler, Havij, netcat). Ability to write proof-of-concept exploits is a big plus.
- Ability to define application security requirements and build secure web application solutions.
- Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
- Strong work ethic, attention to detail, and organizational skills
- Ability to multi-task and manage priorities in a fast-paced environment.
- Ability to collaborate in a team and work independently
- Conceptual understanding of software development principles and SDLC models, Agile experience is a plus.
- Intermediate proficiency with the Microsoft Office suite.
- Windows and Linux operating systems knowledge at advanced user level
- Advanced experience with at least one scripting language (e.g.: Perl, Python).
Thrive At BlackLine Because You Are Joining:
- A technology-based company with a sense of adventure and a vision for the future. Every door at BlackLine is open. Just bring your brains, your problem-solving skills, and be part of a winning team at the world's most trusted name in Finance Automation!
- A culture that is kind, open, and accepting. It’s a place where people can embrace what makes them unique, and the mix of cultural backgrounds and varying interests cultivates diverse thoughts and perspectives.
- A company that believes in providing the best possible service to its clients and that starts with offering amazing perks to its employees. These perks include 100% coverage for healthcare, vision, and dental, 401(k) matching, ESPP, food, drinks, games, and so much more!
- A culture where BlackLiners’ continued growth and learning is empowered. BlackLine offers a wide variety of professional development seminars and inclusive affinity groups to celebrate and support our diversity.
BlackLine is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity or expression, race, age, religious creed, national origin, physical or mental disability, ancestry, color, marital status, sexual orientation, military or veteran status, status as a victim of domestic
Equal Employment Opportunity
BlackLine believes that our diversity is one of our greatest strengths, and we do not tolerate discrimination. It is our policy to recruit, hire, train, and promote individuals, as well as administer any and all personnel actions, without regard to sex (including pregnancy, childbirth, breastfeeding or related medical conditions), race, natural hair, religion (including religious dress and grooming practices), color, gender (including gender identity and gender expression), national origin (including language use restrictions and possession of a driver's license issued under Vehicle Code section 12801.9), ancestry, physical or mental disability, medical condition, including HIV and AIDS, genetic information, marital status, registered domestic partner status, age, sexual orientation, military and veteran status or any other basis protected by federal, state or local law or ordinance or regulation.
We’re proud to continue to stand by this policy and will grow our company with attention to this instrumental belief in our hiring and promotion practices.
We encourage applications from all qualified candidates and will reasonably accommodate applicants’ needs in accordance with applicable law throughout all stages of the recruitment and selection process. If you need a reasonable accommodation to assist with your job search or application for employment, please contact us by sending an email to [email protected]