Full-Time

Implementation Consultant

Posted on 7/18/2025

Black Duck

1,001-5,000 employees

Open source risk management and audits

Compensation Overview

$94k - $119.9k/yr

Remote in USA

Remote

Category
Software Engineering (2)
Required Skills
PowerShell
Bash
Python
Software Testing
Java
C#
Perl
C/C++
DevOps
Requirements
  • Knowledge of application security and vulnerabilities.
  • Software development experience with C/C++, Java, C#, or another dominant programming language.
  • Strong scripting ability in one or more common scripting languages (Perl, Python, PowerShell, Bash).
  • Experience with Continuous Integration and DevOps tools.
  • A demonstrated technical aptitude, sharp consulting instincts, and a passion for delivering ground-breaking solutions for top-tier technology companies.
  • Rock-solid analytical skills, conceptual ability, and creativity.
  • The talent to work with, connect to, and influence customers to transform processes to utilize new technologies.
  • The ability to travel up to 40% of the time as the job requires.
Responsibilities
  • Planning and successful implementation of Synopsys Software Integrity solutions.
  • Engaging with customers to understand their business needs and solve critical problems concerning quality, security, and compliance.
  • Working with the customer from project initiation to completion with end-to-end ownership of the results.
  • Developing custom solutions to integrate tools into SDLC and DevOps workflows.
  • Providing solution expertise in software testing and security as a trusted advisor to customers.
  • Working with account teams throughout delivery to ensure visibility of the success of the engagement.
  • Identifying opportunities for further adoption of solutions with existing clients.
  • Advising customers on Secure Development processes and identifying opportunities for improvement.
Desired Qualifications
  • A track record of delivering professional services and technical account management for complex security products.
  • Security certification such as CEH, CISSP, or CSSLP.
  • Proven ability to deploy both SaaS and On-prem solutions.
  • Experience with security testing and network protocols.
  • Master's degree or equivalent experience preferred.

Black Duck Software helps organizations manage open source risk by offering Software Composition Analysis (SCA) and Open Source Audits. Its products scan software to find security vulnerabilities and license compliance issues in open source components and provide fixes. The Open Source Audits support due diligence for mergers and acquisitions and internal audits. Revenue comes from licenses for the tools plus professional services for audits and consultations. The platform relies on a large database of open source components, vulnerabilities, and licenses to enable fast, accurate analysis. The goal is to help security, development, and legal teams ensure software is secure and legally compliant throughout the software development lifecycle and during M&A.

Company Size

1,001-5,000

Company Stage

Acquired

Total Funding

$652.5M

Headquarters

Burlington, Massachusetts

Founded

2002

Simplify Jobs

Simplify's Take

What believers are saying

  • Clearlake and Francisco Partners acquired Black Duck for $2.1 billion.
  • Ishpreet Singh joined as CIO and Bruce Jenkins was promoted to CISO in December 2024.
  • 4,000+ organizations use Black Duck for unified SAST, SCA, and AI analysis.

What critics are saying

  • Snyk erodes Black Duck's base with 40% faster scans and 25% more DevSecOps deals.
  • Sonatype undercuts pricing by 30%, shrinking Black Duck's SaaS margins.
  • Veracode's WhiteSource acquisition diverts 15% of Black Duck's M&A audit revenue.

What makes Black Duck unique

  • Signal uses ContextAI with 20 years of security intelligence for AI-generated code.
  • Polaris integrates with GitHub, GitLab, Azure DevOps, and Bitbucket for automated DevSecOps.
  • Code Sight provides IDE plugins with real-time SCA and AI fix suggestions.

Benefits

Health Insurance

Dental Insurance

Vision Insurance

Flexible Work Hours

Professional Development Budget

Paid Vacation

Growth & Insights and Company News

Headcount

6 month growth

0%

1 year growth

1%

2 year growth

49%

PR Newswire
Mar 23rd, 2026
Black Duck launches Signal, AI-powered security solution for AI-generated code

Black Duck has launched Signal, an AI-powered application security solution designed to secure AI-generated code in autonomous development workflows. The platform uses an agentic AI architecture where specialised agents analyse vulnerabilities, validate exploitability and recommend fixes. Signal is powered by ContextAI, Black Duck's application security model containing over 20 years of security intelligence. This enables the system to assess risk with higher accuracy than solutions built solely on general-purpose AI models. The platform integrates directly into modern software development through model context protocol and APIs that support AI coding assistants and automated pipelines. CEO Jason Schmitt said AI is "actively authoring software", and Signal brings intelligence and governance to that reality. The solution is now generally available and will be showcased at RSA Conference in San Francisco from 23–26 May.

PR Newswire
Feb 12th, 2026
Black Duck expands Polaris integrations for automated DevSecOps across GitHub, GitLab, Azure DevOps, and Bitbucket

Black Duck has launched enhanced integrations for its Polaris Platform across major source code management systems including GitHub, GitLab, Azure DevOps and Bitbucket. The updates enable automated repository onboarding, continuous monitoring and event-based scanning for enterprises managing thousands of code repositories. The enhancements allow organisations to automatically onboard repositories without manual configuration and trigger scans during pull requests. The platform includes Black Duck Signal for AI-powered security insights and Code Sight, an IDE plugin providing real-time feedback to developers. The integrations support customisable scanning options and automatically synchronise security policies and user access controls across repositories. The features are immediately available to existing customers through Polaris Platform settings, aiming to streamline DevSecOps operations at enterprise scale.

PR Newswire
Jun 3rd, 2025
BlueVoyant Unveils New SBOM Capabilities as Part of Its Leading Third-Party Cyber Risk Management Solution

BlueVoyant's new Software Bill of Materials (SBOM) management offering, powered by SBOM leader Manifest, enables organizations to efficiently analyze and reduce third-party risks from commercial software

NEW YORK, June 3, 2025 /PRNewswire/ -- BlueVoyant, the leader in integrated cybersecurity, today launched its Software Bill of Materials (SBOM) management offering, which helps organizations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors. The latest advancements enhance Supply Chain Defense, BlueVoyant's next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats. BlueVoyant's SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specializes in securing software supply chains for corporate and government entities.

More than 85% of applications contain at least one software vulnerability, according to the Open Source Software Risk Analysis (OSSRA) Report. Yet, many organizations lack visibility into software design or an efficient way to assess and manage third-party SBOM information, which can leave them open to breaches, business interruption, and regulatory compliance issues. As a result, organizations are looking for solutions.

By leveraging the BlueVoyant-Manifest SBOM solution, security teams can proactively gain deep insights into software risk exposure and other dependencies that their businesses may rely on.

"By combining Manifest's depth of experience in SBOM with BlueVoyant's holistic Supply Chain Defense, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges," said Marc Frankel, CEO and co-founder of Manifest.

The key benefits to utilizing SBOM for third-party risk are:

  • Vendor risk management: Automatically solicit SBOMs from vendors, see intuitive risk levels for vendor products, and incorporate them into comprehensive third-party cyber risk management
  • Smarter vulnerability management: Prioritize vulnerabilities quickly, and triage issues to reduce false positives and avoid unnecessary mitigation work
  • Open Source Software (OSS) risk management: Create an enterprise-wide inventory of OSS across first and third-party products, and scan OSS repositories to assess risk before implementing them
  • Simplified compliance: Easily demonstrate compliance and provide evidence for international regulations and standards such as R155, Executive Order 14028, Section 524B, the European Cyber Resilience Act, and the EU's NIS2 and DORA

"Organizations in the private and public sectors are realizing that SBOM visibility is a crucial part of a proactive third-party cyber risk management program," said Joel Molinoff, global head of Supply Chain Defense at BlueVoyant. "By enhancing BlueVoyant's Supply Chain Defense with Manifest's SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats."

BlueVoyant's Supply Chain Defense has garnered multiple industry awards

PR Newswire
Dec 30th, 2024
Black Duck Welcomes New CIO, CISO in Latest Executive Expansion Moves

Ishpreet Singh named CIO, joins executive leadership team from Qualys; Bruce Jenkins promoted internally to CISO, further bolstering vision of growth and innovation

BURLINGTON, Mass., Dec. 19, 2024 /PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck"), a widely recognized leader in application security, today announced the appointment of Ishpreet Singh as chief information officer (CIO) and Bruce Jenkins as chief information security officer (CISO)

PEI Group
Oct 1st, 2024
Clearlake Capital and Francisco Partners acquire Black Duck Software for $2.1bn


INACTIVE