Sr. Software Security Engineer
Sr. Software Security Engineer
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
At Cadence we hire and develop leaders and innovators who want to make an impact on the world of technology.
Cadences Information Security team is seeking a Sr. Software Security Engineer. This role will focus on Cloud and onpremise Software Security controls including WAF and CDN tools. This is a Security Development Operations role that will ensure security tool integration at the source code repo (Perforce Github etc.) build environment and artifactory level. As a member of the Information Security team this role will develop and support the secure software develop life cycle including DAST SAST SCA penetration testing and attack surface management.
This role will interface directly with development teams. Of course there is broad exposure to other aspects of information security related tasks such as incident response vulnerability management and deployment of security solutions. The successful candidate for this position is a highly motivated individual with a strong Application Development and Configuration Management/DevOps background with handson experience in building software security within CI/CD.
Key Deliverables and Responsibilities (include but are not limited to the following):
Perform operational support for AWS WAF configurations updating whitelists and creating security automation web ACLs to protect Internet facing endpoints and applications.
Perform operational support for Azure WAF configurations
Automate Dynamic Application Security Testing (DAST) in the CI/CD pipeline.
Perform manual penetration tests on web applications
Maintain Cloudflare DDOS protections and WAF configurations.
Attend enterprise architecture reviews to standardize and secure new deployments
Qualifications and Special Skills Required
Bachelors degree in computer science or engineering field or equivalent combination of education and relevant 3 5 years of experience
A passion to learn and educate others on how to build secure software.
Ability to work in a group setting and independently
Experience with Jira IT ticketing systems.
Experience with GitHub Perforce GitLab
Experience with SonaType JFrog
Good working knowledge in scripting language Python PowerShell etc.
Strong understanding of Linux/UNIX and Windows based operating systems and networks.
Strong working knowledge of Application security concepts and technologies such as:
Experience in OWASP Top 10 and usage of common AppSec testing tools.
Experience of Secure by Design concepts and threat modeling
Knowledge of common security libraries security controls and common security flaws.
Experience in application penetration testing techniques and tools
Knowledge of application technologies including Web applications Web services XML SOA AJAX JSON and Web scanning tools
Open Source Security (OSS) Software Composition Analysis (SCA)
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Security Architecture Review Threat Modeling
AWS and Azure WAF Configuration and whitelisting
Cloudflare DDOS configuration and operation
Manual Penetration Testing
Penetration testing with 3rd party vendors
Host level vulnerability Scanning
Web application security training course development and delivery
Preferred Certifications:
Certified Information Systems Security Professional (CISSP)
SANS GIAC certifications
Amazon Web Services Azure Google Cloud Platform
Were doing work that matters. Help us solve what others cant.
Required Experience:
Senior IC
Employment Type
Full-Time
