Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Black Duck, a recognized pioneer in application security, provides SAST, SCA, and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- Design, develop, and maintain the .NET agent core, including security checkers (SQLi, XSS, CSRF, deserialization, etc.) and taint analysis engine
- Develop and optimize native C++ profilers using the CLR Profiling API for both .NET Framework and .NET Core/.NET 5+
- Support multi-platform builds targeting Windows (x64), Linux (x64, ARM64), and Alpine/musl environments
- Extend agent capabilities to new .NET versions (.NET 8, 9, 10+) and hosting models (AWS Lambda, Azure Functions, gRPC, OWIN, WCF)
- Collaborate on CI/CD pipelines (GitLab CI) across multiple OS targets and Docker-based build environments
- Write and maintain unit tests (NUnit) and integration tests across framework versions
- Troubleshoot low-level runtime issues involving IL rewriting, method interception, and memory management
- Participate in code reviews, architecture discussions, and contribute to build system improvements (Cake Build, CMake, MSBuild)
- 9+ years of professional software development experience
- Strong C# proficiency across .NET Framework (3.5–4.8.1) and .NET Core/.NET 5+ (up to .NET 10)
- C++ experience — working with native interop, COM, and platform APIs (CLR Profiling API is a strong plus)
- Deep understanding of the .NET CLR internals — assembly loading, JIT compilation, IL metadata, type system
- Experience with multi-platform development (Windows & Linux)
- Proficiency with CMake, MSBuild, and complex build orchestration
- Strong debugging skills — ability to diagnose issues across managed/native boundaries
- Experience with Git and CI/CD pipelines (GitLab CI preferred)
- - Experience in application security, DAST/IAST, or security instrumentation
- - Knowledge of OWASP Top 10 vulnerabilities and detection techniques
- - Experience with Docker containerization and multi-arch builds (x64, ARM64, Alpine)
- - Familiarity with serverless platforms (AWS Lambda, Azure Functions)
- - Experience with WiX installer authoring and NuGet packaging
- - Knowledge of code obfuscation techniques
- - Familiarity with logging frameworks (log4net, spdlog, NLog)
- - Experience with WebSocket communication protocols
Tech Stack:
Layer
Technologies
Languages
C#, C++, PowerShell
Frameworks
.NET Framework 3.5–4.8.1, .NET Core 2.0–3.1, .NET 5–10
Build
Cake Build, CMake, MSBuild, GitLab CI
Native
CLR Profiling API, COM, spdlog, TBB
Testing
NUnit, Integration test harness
Platforms
Windows x64, Linux x64/ARM64, Alpine
Packaging
NuGet, WiX Installer
Nice to Have:
- Experience contributing to profilers, APM agents, or runtime instrumentation tools
- Background in reverse engineering or binary analysis
- Familiarity with ReSharper code inspection tooling
Black Duck is an equal opportunity employer. We consider all applicants for employment without regard to race, color, national origin, religion, sex, gender identity or expression, age, disability, sexual orientation, veteran or military service status, or any other characteristic protected by applicable law. Black Duck complies with all applicable laws prohibiting employment discrimination in every jurisdiction where it operates and provides reasonable accommodations to individuals with disabilities in accordance with applicable law.
Skills Required
- 9+ years professional software development experience
- Strong C# proficiency across .NET Framework (3.5-4.8.1) and .NET Core/.NET 5+ (up to .NET 10)
- C++ experience working with native interop, COM, and platform APIs
- Deep understanding of .NET CLR internals (assembly loading, JIT, IL metadata, type system)
- Experience with multi-platform development (Windows & Linux) and targeting x64/ARM64/Alpine
- Proficiency with CMake, MSBuild, and complex build orchestration
- Strong debugging skills across managed/native boundaries and diagnosing runtime issues
- Experience with Git and CI/CD pipelines (GitLab CI preferred)
- Experience writing and maintaining unit tests (NUnit) and integration tests
- Experience developing native C++ profilers using the CLR Profiling API for .NET Framework and .NET Core/.NET 5+
- Experience in application security, DAST/IAST, or security instrumentation
- Knowledge of OWASP Top 10 vulnerabilities and detection techniques
- Experience with Docker containerization and multi-arch builds (x64, ARM64, Alpine)
- Familiarity with serverless platforms (AWS Lambda, Azure Functions)
- Experience with WiX installer authoring and NuGet packaging
- Knowledge of code obfuscation techniques
- Familiarity with logging frameworks (log4net, spdlog, NLog)
- Experience with WebSocket communication protocols
Black Duck Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Black Duck and has not been reviewed or approved by Black Duck.
-
Healthcare Strength — Medical, dental, and vision coverage provide multiple plan choices with transparent costs, with carrier updates noted for 2026. Vision via VSP and dental plan options offer defined tiers and network access.
-
Retirement Support — Retirement programs include a 401(k) with company matching alongside an employee stock purchase plan with a discount and lookback. These features support longer‑term savings and wealth building.
-
Leave & Time Off Breadth — Exempt employees use a manager‑approved, no‑cap time‑off model, while non‑exempt employees accrue flexible time off alongside sick time. Paid leaves include parental and family care leave, with additional protections under applicable leave laws.
Black Duck Insights
What We Do
Organizations worldwide use Black Duck Software’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, London, Frankfurt, Hong Kong, Tokyo, Vancouver, Seoul & Beijing
Why Work With Us
We pride ourselves on cultivating an environment of collaboration, creativity, and fun! We know where you work can influence how you work, which is why our collaborative office space focuses on community and continuous learning. Our work-hard, play-hard attitude even got us named a Top Place to Work in Massachusetts by The Boston Globe!
Gallery

.jpeg)






