
Black Duck

Application Security Engineer 3

Bengaluru, Karnataka, India

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Black Duck

Black Duck Software, Inc. is a prominent application security company that specializes in software security testing and risk management solutions. Founded in 2002 and acquired by Synopsys in 2017, Black Duck became an independent software vendor in October 2024. The company is recognized for its expertise in open source software security and compliance, offering a wide range of SaaS and on-premises security testing tools, managed security testing services, and consulting. The company focuses on securing software supply chains, particularly in response to the complexities introduced by AI-generated code and evolving global regulatory requirements. Black Duck provides solutions that help organizations balance speed, accuracy, innovation, compliance, and budget constraints. Key offerings include Software Composition Analysis (SCA), Application Security Testing (AST), managed security testing services, and container scanning. Black Duck serves a diverse customer base, including major technology companies and enterprises that prioritize secure software development and compliance.

Industry

information technology & services

Employees

1,300

465 engineers

Revenue

$500M


Security at Black Duck

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

4 Intel Signals

Security Philosophy

• Reduce friction and maintain velocity by shifting security everywhere.
• Integrate security testing and just‑in‑time insight into existing developer workflows.
• Application security is noisier than ever.
• Solves the noise crisis in AppSec.
• Works within AI coding assistants and IDEs.
• Real‑time, incremental analysis.
• Developers are moving faster than ever.

Security Team

Public leaders identified: Jason Schmitt (CEO), Dipto Chakravarty (Chief Product & Technology Officer), Girish Janardhanudu (Chief Customer Officer) – all listed on the company leadership page (E-021, E-021A‑C). No public statement about the AppSec reporting line or team size (Information not publicly available). Active AppSec job postings: at least one Application Security Engineer III listing on LinkedIn and multiple openings on Greenhouse. Common skill patterns in postings include BSIMM, NIST SSDF, SBOM standards (E-023, E-024), and CI/CD tool integrations (Jenkins, Jira) (E-005, E-006, E-007).

Key Initiatives

• Security Champions Program – No evidence found (Information not publicly available).
• Shift‑Left Practice – Quotes describe integration of security testing into developer workflows, triggering scans in Jenkins, and AI‑assistant support (E-002, E-007, E-011).
• Vulnerability Management – Intake handled by the Product Security Incident Response Team (PSIRT) with severity‑based prioritization. Triage and ticket assignment occur centrally via Jira and Azure DevOps.
• Recent Initiatives (last 6 months) – Launch of Black Duck Signal™ with AI‑driven, real‑time analysis and automated remediation (E-013‑E-016).

Security Tool Stack

SAST

Static Analysis

SAST – "Coverity® Static Analysis"

SCA

Dependency Scanning

SCA – "Black Duck® SCA"
