At BlackLine, we're committed to bringing passion and customer focus to the business of enterprise applications. BlackLine is looking for a creative, polished Senior Application Security Engineer to join our team.

• Perform static analysis security reviews using automated tools like Veracode and manual source code review
• Conduct software composition analysis to identify security risks associated with third-party software and effectively prioritize risks
• Identify security risks and areas of exposure in applications developed and/or used by BlackLine
• Collaborate with software development team in remediating the identified security vulnerability and ensure defense mechanisms are implemented of highest standards
• Review technical specification documents, perform threat modelling to determine risks, define application security requirements, and develop consistent threat modelling artifacts
• Oversee development of security components throughout all the stages of the Software Development Lifecycle
• Perform Dynamic security assessments or manual penetration testing of BlackLine applications
• Monitor industry trends and threat landscape and recommend necessary controls or countermeasures
• Recommend and lead projects to improve the application security risk management posture of Blackline at large
• Lead Security Champions program to train developers on secure coding techniques and security best practices
• Mentor team of application security engineers and provide technical guidance
• Participate in development of security policies, standards, and processes
• Participate in incident handling and perform application-related forensic activitie
• Perform other duties as assigned
• Provide limited supervision to others through motivation, direction, review and feedback of assigned tasks
• Working Conditions: This role will be expected to be online during business hours for most of our customers (North America) and to have coverage for business operations conducted during business hours in other HQ (e.g., EU issues that are Resolve Immediately)
• Application Security office hours are 0800-1700, with overnight incident coverage provided by on call for Security Operations.

• 5 years of hands-on application security experience, strong emphasis on prior development experience.
• Advanced knowledge of OWASP Top 10 risks and CWE TOP 25 (e.g. Broken Access Control, SSRF, Injection, cookie/header/encoding manipulation, Cryptographic failures, Broken Authentication, Insecure Design etc).
• Advanced knowledge of web application technologies, MVC, Ajax, XML, JSON, SOA, SSL, web-related protocols and services.
• Intermediate knowledge of MS SQL. Basic knowledge of other commonly used DBMS.
• Ability to identify security vulnerabilities from static, dynamic and interactive testing tools and techniques.
• Knowledge of encryption technologies, secure communications using TLS, and secure credentials management.
• Intimate familiarity with web application testing tools (eg: Burp, Fiddler, Veracode, Snyk, Whitehat DAST). Ability to write proof-of-concept exploits is a big plus.
• Ability to define application security requirements and build secure web application solutions.
• Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
• Strong work ethic, attention to detail, and organizational skills.
• Ability to collaborate in a team and work independently.
• Conceptual understanding of software development principles and SDLC models, Agile experience is a plus.
• Intermediate proficiency with the Microsoft Office suite.

• Advanced experience with at least one scripting language (e.g.: Perl, Python)
• Strong experience with devops in public cloud and big data storage, databases, and APIs such as BigQuery, vSQL, etc.
• Hands-on development experience and thorough understanding of object-oriented programming, preferably Java, C#, ASP.NET
• Security Certifications GWEB, OSCP, Burp Certified Practitioner is a plus

• A technology-based company with a sense of adventure and a vision for the future. Every door at BlackLine is open. Just bring your brains, your problem-solving skills, and be part of a winning team at the world's most trusted name in Finance Automation!
• A culture that is kind, open, and accepting. It's a place where people can embrace what makes them unique, and the mix of cultural backgrounds and varying interests cultivates diverse thought and perspectives.
• A culture where BlackLiner's continued growth and learning is empowered. BlackLine offers a wide variety of professional development seminars and inclusive affinity groups to celebrate and support our diversity.

BlackLine is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity or expression, race, age, religious creed, national origin, physical or mental disability, ancestry, color, marital status, sexual orientation, military or veteran status, status as a victim of domestic violence, sexual assault or stalking, medical condition, genetic information, or any other protected class or category recognized by applicable equal employment opportunity or other similar laws.

BlackLine recognizes that the ways we work and the workplace itself has shifted. We innovate in a workplace that optimizes a combination of virtual and in-person interactions to maximize collaboration and nurture our culture. Candidates who live within a reasonable commute to one of our offices will work in the office at least 2 days a week.