At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology.
Cadence’s Information Security team is seeking a Sr. Software Security Engineer. This role focuses on Cloud and on-premises Software Security controls, including WAF and CDN tools. It is a Security Development Operations position responsible for security tool integration at the source code repository (Perforce, GitHub, etc.), build environment, and artifactory level. The role involves developing and supporting the secure software development lifecycle, including DAST, SAST, SCA, penetration testing, and attack surface management.
The candidate will interface directly with development teams and gain exposure to other security tasks such as incident response, vulnerability management, and deployment of security solutions. The ideal candidate has a strong Application Development and DevOps background, with hands-on experience in building security within CI/CD pipelines.
Key Responsibilities:
- Operational support for AWS WAF configurations, including updating whitelists and creating security automation web ACLs for internet-facing endpoints and applications.
- Operational support for Azure WAF configurations.
- Automate DAST in the CI/CD pipeline.
- Perform manual web application penetration tests.
- Maintain Cloudflare DDoS protections and WAF configurations.
- Participate in enterprise architecture reviews to standardize and secure new deployments.
Qualifications:
- Bachelor’s degree in computer science or engineering, or equivalent experience (3-5 years).
- Passion for learning and educating others on secure software development.
- Ability to work independently and in teams.
- Experience with Jira, GitHub, Perforce, GitLab, Sonatype, JFrog.
- Proficiency in scripting languages such as Python and PowerShell.
- Strong knowledge of Linux/UNIX, Windows OS, and networking.
Security Skills and Knowledge:
- Understanding of OWASP Top 10 and experience with AppSec testing tools.
- Knowledge of Secure by Design principles and threat modeling.
- Familiarity with security libraries, controls, and common vulnerabilities.
- Experience in application penetration testing techniques and tools.
- Knowledge of web technologies such as web applications, web services, XML, SOA, AJAX, JSON, and web scanning tools.
- Experience with OSS Security and SCA, SAST, DAST, and Security Architecture Review.
- Experience configuring AWS and Azure WAFs, Cloudflare DDoS protections, and performing manual and third-party penetration testing.
- Ability to develop and deliver web application security training courses.
Preferred Certifications:
- CISSP
- SANS GIAC certifications
- Certifications in AWS, Azure, or Google Cloud Platform
We’re doing work that matters. Help us solve what others can’t.