Full-Time

Staff Engineer

Software Engineering, Prodops

Posted on 9/22/2025

Black Duck


1,001-5,000 employees

Open source risk management and audits

No salary listed

Bengaluru, Karnataka, India

Hybrid

Hybrid work in Bangalore with rotational night shifts and weekend on-call.

Category
DevOps & Infrastructure (2)
Requirements
  • Bachelor's or Master's degree in Computer Science, Engineering, or a related field.
  • A minimum of 5 - 8 years of experience in Site Reliability Engineering.
  • Hands-on experience with Go, Python, Shell, or Perl scripting languages.
  • Proven expertise in cloud computing services (AWS, Azure, GCP) and container technologies (Docker, Kubernetes).
  • Background working with CI/CD pipelines and familiarity with the modern software delivery ecosystem (GitHub Actions, ArgoCD, Harness.io, GitLab CI, etc.).
  • Excellent problem-solving, organizational, and leadership skills.
  • Strong communication abilities to effectively collaborate with internal teams and stakeholders.
  • Willingness to work in a 24/7 environment with rotational shifts and rotational weekly offs.
  • Certifications: CKAD, CKS, and/or CKA (Good to have)
Responsibilities
  • Design and develop scalable, modular solutions that promote reuse and are easily integrated into our diverse product suite.
  • Collaborate with cross-functional teams to understand their needs and incorporate user feedback into the development.
  • Establish best practices for modern software architecture, including Microservices, Serverless computing, and API-first strategies.
  • Drive the strategy for Containerization and orchestration using Docker, Kubernetes, or equivalent technologies.
  • Ensure the platform's infrastructure is robust, secure, and compliant with industry standards.
  • Leadership qualities for taking care of the shifts.
  • Act as a Shift Lead
  • Escalation Management.
  • Training L1 and L2.
  • Flexible with rotational shifts, which may include night shifts.
  • Flexible to work on weekends once a month.
Desired Qualifications
  • CKAD, CKS, and/or CKA (Good to have)

Black Duck Software helps organizations manage open source risk by offering Software Composition Analysis (SCA) and Open Source Audits. Its products scan software to find security vulnerabilities and license compliance issues in open source components and provide fixes. The Open Source Audits support due diligence for mergers and acquisitions and internal audits. Revenue comes from licenses for the tools plus professional services for audits and consultations. The platform relies on a large database of open source components, vulnerabilities, and licenses to enable fast, accurate analysis. The goal is to help security, development, and legal teams ensure software is secure and legally compliant throughout the software development lifecycle and during M&A.

Company Size

1,001-5,000

Company Stage

Acquired

Total Funding

$652.5M

Headquarters

Burlington, Massachusetts

Founded

2002

Simplify Jobs

Simplify's Take

What believers are saying

  • Clearlake and Francisco Partners acquired Black Duck for $2.1 billion.
  • Ishpreet Singh joined as CIO and Bruce Jenkins promoted to CISO in December 2024.
  • 4,000+ organizations use Black Duck for unified SAST, SCA, and AI analysis.

What critics are saying

  • Snyk erodes Black Duck's base with 40% faster scans and 25% more DevSecOps deals.
  • Sonatype undercuts pricing by 30%, shrinking Black Duck's SaaS margins.
  • Veracode's WhiteSource acquisition diverts 15% of Black Duck's M&A audit revenue.

What makes Black Duck unique

  • Signal uses ContextAI with 20 years of security intelligence for AI-generated code.
  • Polaris integrates with GitHub, GitLab, Azure DevOps, and Bitbucket for automated DevSecOps.
  • Code Sight provides IDE plugins with real-time SCA and AI fix suggestions.


Benefits

Health Insurance

Dental Insurance

Vision Insurance

Flexible Work Hours

Professional Development Budget

Paid Vacation

Growth & Insights and Company News

Headcount

6 month growth

0%

1 year growth

1%

2 year growth

49%
PR Newswire
Mar 23rd, 2026
Black Duck launches Signal, AI-powered security solution for AI-generated code

Black Duck has launched Signal, an AI-powered application security solution designed to secure AI-generated code in autonomous development workflows. The platform uses an agentic AI architecture where specialised agents analyse vulnerabilities, validate exploitability and recommend fixes. Signal is powered by ContextAI, Black Duck's application security model containing over 20 years of security intelligence. This enables the system to assess risk with higher accuracy than solutions built solely on general-purpose AI models. The platform integrates directly into modern software development through model context protocol and APIs that support AI coding assistants and automated pipelines. CEO Jason Schmitt said AI is "actively authoring software", and Signal brings intelligence and governance to that reality. The solution is now generally available and will be showcased at RSA Conference in San Francisco from 23–26 May.

PR Newswire
Feb 12th, 2026
Black Duck expands Polaris integrations for automated DevSecOps across GitHub, GitLab, Azure DevOps, and Bitbucket

Black Duck has launched enhanced integrations for its Polaris Platform across major source code management systems including GitHub, GitLab, Azure DevOps and Bitbucket. The updates enable automated repository onboarding, continuous monitoring and event-based scanning for enterprises managing thousands of code repositories. The enhancements allow organisations to automatically onboard repositories without manual configuration and trigger scans during pull requests. The platform includes Black Duck Signal for AI-powered security insights and Code Sight, an IDE plugin providing real-time feedback to developers. The integrations support customisable scanning options and automatically synchronise security policies and user access controls across repositories. The features are immediately available to existing customers through Polaris Platform settings, aiming to streamline DevSecOps operations at enterprise scale.

PR Newswire
Jun 3rd, 2025
BlueVoyant Unveils New SBOM Capabilities as Part of Its Leading Third-Party Cyber Risk Management Solution

BlueVoyant's new Software Bill of Materials (SBOM) management offering, powered by SBOM leader Manifest, enables organizations to efficiently analyze and reduce third-party risks from commercial software

NEW YORK, June 3, 2025 /PRNewswire/ -- BlueVoyant, the leader in integrated cybersecurity, today launched its Software Bill of Materials (SBOM) management offering, which helps organizations reduce risk related to software by automating the ingestion, analysis, and tracking of software component information from third-party software vendors. The latest advancements enhance Supply Chain Defense, BlueVoyant's next-generation third-party cyber risk management solution that continuously monitors suppliers, vendors, and other third parties, and then works with them to quickly remediate threats. BlueVoyant's SBOM solution is powered through a partnership with Manifest, a cybersecurity company that specializes in securing software supply chains for corporate and government entities.

More than 85% of applications contain at least one software vulnerability, according to the Open Source Software Risk Analysis (OSSRA) Report. Yet, many organizations lack visibility into software design or an efficient way to assess and manage third-party SBOM information, which can leave them open to breaches, business interruption, and regulatory compliance issues. As a result, organizations are looking for solutions.

By leveraging the BlueVoyant-Manifest SBOM solution, security teams can proactively gain deep insights into software risk exposure and other dependencies that their businesses may rely on.

"By combining Manifest's depth of experience in SBOM with BlueVoyant's holistic Supply Chain Defense, clients get continuous monitoring and remediation to solve their biggest third-party cybersecurity challenges," said Marc Frankel, CEO and co-founder of Manifest.

The key benefits to utilizing SBOM for third-party risk are:
  • Vendor risk management: Automatically solicit SBOMs from vendors, see intuitive risk levels for vendor products, and incorporate them into comprehensive third-party cyber risk management
  • Smarter vulnerability management: Prioritize vulnerabilities quickly, and triage issues to reduce false positives and avoid unnecessary mitigation work
  • Open Source Software (OSS) risk management: Create an enterprise-wide inventory of OSS across first and third-party products, and scan OSS repositories to assess risk before implementing them
  • Simplified compliance: Easily demonstrate compliance and provide evidence for international regulations and standards such as R155, Executive Order 14028, Section 524B, the European Cyber Resilience Act, and the EU's NIS2 and DORA

"Organizations in the private and public sectors are realizing that SBOM visibility is a crucial part of a proactive third-party cyber risk management program," said Joel Molinoff, global head of Supply Chain Defense at BlueVoyant. "By enhancing BlueVoyant's Supply Chain Defense with Manifest's SBOM capabilities, our clients are expanding their risk visibility deeper into the software supply chain and ensuring continuous monitoring and remediation of critical threats."

BlueVoyant's Supply Chain Defense has garnered multiple industry awards

PR Newswire
Dec 30th, 2024
Black Duck Welcomes New CIO, CISO in Latest Executive Expansion Moves

Ishpreet Singh named CIO, joins executive leadership team from Qualys; Bruce Jenkins promoted internally to CISO, further bolstering vision of growth and innovation

BURLINGTON, Mass., Dec. 19, 2024 /PRNewswire/ -- Black Duck® Software, Inc. ("Black Duck"), a widely recognized leader in application security, today announced the appointment of Ishpreet Singh as chief information officer (CIO) and Bruce Jenkins as chief information security officer (CISO)

PEI Group
Oct 1st, 2024
Clearlake Capital and Francisco Partners acquire Black Duck Software for $2.1bn


INACTIVE