Job description

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology. Cadence’s Information Security team is seeking a Sr. Software Security Engineer. This role will focus on Cloud and on-premise Software Security controls including WAF and CDN tools. This is a Security Development Operations role that will ensure security tool integration at the source code repo (Perforce, Github etc.), build environment, and artifactory level. As a member of the Information Security team, this role will develop and support the secure software develop life cycle, including DAST, SAST, SCA, penetration testing, and attack surface management. This role will interface directly with development teams. Of course, there is broad exposure to other aspects of information security related tasks such as incident response, vulnerability management, and deployment of security solutions. The successful candidate for this position is a highly motivated individual with a strong Application Development and Configuration Management/DevOps background with hands-on experience in building software security within CI/CD. Key Deliverables and Responsibilities (include but are not limited to the following): Perform operational support for AWS WAF configurations – updating whitelists and creating security automation web ACLs to protect Internet facing endpoints and applications. Perform operational support for Azure WAF configurations Automate Dynamic Application Security Testing (DAST) in the CI/CD pipeline. Perform manual penetration tests on web applications Maintain Cloudflare DDOS protections and WAF configurations. Attend enterprise architecture reviews to standardize and secure new deployments Qualifications and Special Skills Required Bachelor’s degree in computer science or engineering field or equivalent combination of education and relevant 3 – 5 years of experience A passion to learn and educate others on how to build secure software. Ability to work in a group setting and independently Experience with Jira IT ticketing systems. Experience with GitHub, Perforce, GitLab Experience with SonaType, JFrog Good working knowledge in scripting language, Python, PowerShell, etc. Strong understanding of Linux/UNIX and Windows based operating systems and networks. Strong working knowledge of Application security concepts and technologies such as: Experience in OWASP Top 10 and usage of common AppSec testing tools. Experience of Secure by Design concepts and threat modeling Knowledge of common security libraries, security controls, and common security flaws. Experience in application penetration testing techniques and tools Knowledge of application technologies including Web applications, Web services, XML, SOA, AJAX, JSON, and Web scanning tools Open Source Security (OSS) - Software Composition Analysis (SCA) Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Security Architecture Review - Threat Modeling AWS and Azure WAF Configuration and whitelisting Cloudflare DDOS configuration and operation Manual Penetration Testing Penetration testing with 3rd party vendors Host level vulnerability Scanning Web application security training course development and delivery Preferred Certifications: Certified Information Systems Security Professional (CISSP) SANS GIAC certifications Amazon Web Services, Azure, Google Cloud Platform We’re doing work that matters. Help us solve what others can’t. Additional Jobs (https://cadence.wd1.myworkdayjobs.com/addl\_jobs) Equal Employment Opportunity Policy: Cadence is committed to equal employment opportunity throughout all levels of the organization. + Read the policy(opens in a new tab) (https://www.cadence.com/content/dam/cadence-www/global/en\_US/documents/company/careers/equal-employment-opportunity-policy.pdf) We welcome your interest in the company and want to make sure our job site is accessible to all. If you experience difficulty using this site or to request a reasonable accommodation, please contact staffing@cadence.com. Privacy Policy: Job Applicant If you are a job seeker creating a profile using our careers website, please see the privacy policy(opens in a new tab) (https://www.cadence.com/en\_US/home/privacy/privacy-policy.html) . E-Verify Cadence participates in the E-Verify program in certain U.S. locations as required by law. Download More Information on E-Verify (64K) (https://www.cadence.com/content/dam/cadence-www/global/en\_US/documents/company/careers/e-verify-participation-poster.pdf) Cadence plays a critical role in creating the technologies that modern life depends on. We are a global electronic design automation company, providing software, hardware, and intellectual property to design advanced semiconductor chips that enable our customers create revolutionary products and experiences. Thanks to the outstanding caliber of the Cadence team and the empowering culture that we have cultivated for over 25 years, Cadence continues to be recognized by Fortune Magazine as one of the 100 Best Companies to Work For. 
 Our shared passion for solving the world’s toughest technical challenges, our dedication to pushing the limits of the industry, and our drive to do meaningful work differentiates the people of Cadence. Cadence is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any other protected class. Cadence is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any other protected class. At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology. Cadence’s Information Security team is seeking a Sr. Software Security Engineer. This role will focus on Cloud and on-premise Software Security controls including WAF and CDN tools. This is a Security Development Operations role that will ensure security tool integration at the source code repo (Perforce, Github etc.), build environment, and artifactory level. As a member of the Information Security team, this role will develop and support the secure software develop life cycle, including DAST, SAST, SCA, penetration testing, and attack surface management. This role will interface directly with development teams. Of course, there is broad exposure to other aspects of information security related tasks such as incident response, vulnerability management, and deployment of security solutions. The successful candidate for this position is a highly motivated individual with a strong Application Development and Configuration Management/DevOps background with hands-on experience in building software security within CI/CD. Key Deliverables and Responsibilities (include but are not limited to the following): Perform operational support for AWS WAF configurations – updating whitelists and creating security automation web ACLs to protect Internet facing endpoints and applications. Perform operational support for Azure WAF configurations Automate Dynamic Application Security Testing (DAST) in the CI/CD pipeline. Perform manual penetration tests on web applications Maintain Cloudflare DDOS protections and WAF configurations. Attend enterprise architecture reviews to standardize and secure new deployments Qualifications and Special Skills Required Bachelor’s degree in computer science or engineering field or equivalent combination of education and relevant 3 – 5 years of experience A passion to learn and educate others on how to build secure software. Ability to work in a group setting and independently Experience with Jira IT ticketing systems. Experience with GitHub, Perforce, GitLab Experience with SonaType, JFrog Good working knowledge in scripting language, Python, PowerShell, etc. Strong understanding of Linux/UNIX and Windows based operating systems and networks. Strong working knowledge of Application security concepts and technologies such as: Experience in OWASP Top 10 and usage of common AppSec testing tools. Experience of Secure by Design concepts and threat modeling Knowledge of common security libraries, security controls, and common security flaws. Experience in application penetration testing techniques and tools Knowledge of application technologies including Web applications, Web services, XML, SOA, AJAX, JSON, and Web scanning tools Open Source Security (OSS) - Software Composition Analysis (SCA) Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Security Architecture Review - Threat Modeling AWS and Azure WAF Configuration and whitelisting Cloudflare DDOS configuration and operation Manual Penetration Testing Penetration testing with 3rd party vendors Host level vulnerability Scanning Web application security training course development and delivery Preferred Certifications: Certified Information Systems Security Professional (CISSP) SANS GIAC certifications Amazon Web Services, Azure, Google Cloud Platform We’re doing work that matters. Help us solve what others can’t. Additional Jobs (https://cadence.wd1.myworkdayjobs.com/addl\_jobs) Equal Employment Opportunity Policy: Cadence is committed to equal employment opportunity throughout all levels of the organization. + Read the policy(opens in a new tab) (https://www.cadence.com/content/dam/cadence-www/global/en\_US/documents/company/careers/equal-employment-opportunity-policy.pdf) We welcome your interest in the company and want to make sure our job site is accessible to all. If you experience difficulty using this site or to request a reasonable accommodation, please contact staffing@cadence.com. Privacy Policy: Job Applicant If you are a job seeker creating a profile using our careers website, please see the privacy policy(opens in a new tab) (https://www.cadence.com/en\_US/home/privacy/privacy-policy.html) . E-Verify Cadence participates in the E-Verify program in certain U.S. locations as required by law. Download More Information on E-Verify (64K) (https://www.cadence.com/content/dam/cadence-www/global/en\_US/documents/company/careers/e-verify-participation-poster.pdf) Cadence plays a critical role in creating the technologies that modern life depends on. We are a global electronic design automation company, providing software, hardware, and intellectual property to design advanced semiconductor chips that enable our customers create revolutionary products and experiences. Thanks to the outstanding caliber of the Cadence team and the empowering culture that we have cultivated for over 25 years, Cadence continues to be recognized by Fortune Magazine as one of the 100 Best Companies to Work For. 
 Our shared passion for solving the world’s toughest technical challenges, our dedication to pushing the limits of the industry, and our drive to do meaningful work differentiates the people of Cadence. Cadence is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any other protected class. Cadence is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any other protected class.

Requirements