Sr. Software Security Engineer

Cadence Design Systems

4.4

(53)

Cork, Ireland

Why you should apply for a job to Cadence Design Systems:

  • 4.4/5 in overall job satisfaction
  • 4.4/5 in supportive management
  • 87% say women are treated fairly and equally to men
  • 89% would recommend this company to other women
  • 87% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Parental leave is available for both paternity and maternity
  • Flexible work options available
  • 88% of employees at Cadence say it is a great place to work compared to 57% of employees at a typical U.S.-based company.
  • #R50276

    Position summary

    :** Sreeni Kancharla; VP & CISO

    Job Overview:

    Cadence's Information Security team is seeking a Sr. Software Security Engineer. This role will focus on Cloud and on-premise Software Security controls including WAF and CDN tools. This is a Security Development Operations role that will ensure security tool integration at the source code repositories (Perforce, Github etc.), build environment, and artifactory level. As a member of the Information Security team, this role will develop and support the secure software develop life cycle, including DAST, SAST, SCA, penetration testing, and attack surface management.

    This role will interface directly with development teams. Of course, there is broad exposure to other aspects of information security related tasks such as incident response, vulnerability management, and deployment of security solutions. The successful candidate for this position is a highly motivated individual with a strong Application Development and DevOps background with hands-on experience in building software security within CI/CD.

    Job Responsibilities:

    • Perform operational support for AWS WAF configurations - updating whitelists and creating security automation web ACLs to protect Internet facing endpoints and applications.

    • Perform operational support for Azure WAF configurations

    • Automate Dynamic Application Security Testing (DAST) in the CI/CD pipeline.

    • Perform manual penetration tests on web applications

    • Maintain Cloudflare DDOS protections and WAF configurations.

    • Attend enterprise architecture reviews to standardize and secure new deployments

    Job Qualifications:

    • Bachelor's degree in computer science or engineering field or equivalent combination of education and relevant 3 - 5 years of experience

    • Experience with GitHub, Perforce, GitLab

    • Experience with SonaType, JFrog

    • Good working knowledge in scripting language, Python, PowerShell, etc.

    • Strong understanding of Linux/UNIX and Windows based operating systems and networks.

    • A passion to learn and educate others on how to build secure software.

    • Experience with CVE and CVSS vulnerability scoring

    • Experience with Jira IT ticketing systems.

    • US and EU Cybersecurity regulations

    • Ability to work in a group setting and independently

    Additional Skills/Preferences:

    • Certified Information Systems Security Professional (CISSP)

    • SANS GIAC certifications

    • Amazon Web Services, Azure, Google Cloud Platform

    Additional Information:

    Strong working knowledge of Application security concepts and technologies such as:

    • Experience in OWASP Top 10 and usage of common AppSec testing tools.

    • Experience of Secure by Design concepts and threat modeling

    • Knowledge of common security libraries, security controls, and common security flaws.

    • Experience in application penetration testing techniques and tools

    • Knowledge of application technologies including Web applications, Web services, XML, SOA, AJAX, JSON, and Web scanning tools

    • Open Source Security (OSS) - Software Composition Analysis (SCA)

    • Static Application Security Testing (SAST)

    • Dynamic Application Security Testing (DAST)

    • Security Architecture Review - Threat Modeling

    • AWS and Azure WAF Configuration and whitelisting

    • Cloudflare DDOS configuration and operation

    • Manual Penetration Testing

    • Penetration testing with 3rd party vendors

    • Host level vulnerability Scanning

    • Web application security training course development and delivery

    Cadence is committed to equal employment opportunity and employment equity throughout all levels of the organization. We strive to attract a qualified and diverse candidate pool and encourage diversity and inclusion in the workplace.

    Travel: If applicable, include an estimate of travel (e.g., ">10% domestic travel").

    We're doing work that matters. Help us solve what others can't.

    Why you should apply for a job to Cadence Design Systems:

  • 4.4/5 in overall job satisfaction
  • 4.4/5 in supportive management
  • 87% say women are treated fairly and equally to men
  • 89% would recommend this company to other women
  • 87% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Parental leave is available for both paternity and maternity
  • Flexible work options available
  • 88% of employees at Cadence say it is a great place to work compared to 57% of employees at a typical U.S.-based company.