Staff Application Security Engineer

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology.

As a condition of employment with Cadence, newly hired employees will be required to provide Cadence with proof of full vaccination, unless legally entitled to an accommodation.

Cadence’s Information Security team is seeking an Application Security Engineer. This role will focus on Configuration Management and System Administration. This is truly a Security Development Operations role that will ensure security tool integration at the source code repo, build, and artifactory level. As a member of the Information Security team, this role proactively works with research and development teams to protect intellectual property and build security into the development life cycle. This will include DAST, SAST, and SCA tools.

This role reports to the Software Security Director and will interface directly with development teams. Of course, there is broad exposure to other aspects of information security, such as incident response, vulnerability management, and deployment of security solutions. The successful candidate for this position is a highly motivated individual with a strong application development and security background who wants to educate others and build a software security program.

Key Deliverables and Responsibilities (include but are not limited to the following):

  • Maintain and support GitHub Enterprise
  • Maintain and support Sonatype – Nexus Lifecycle and Nexus Firewall.
  • Integrate Static Application Security Testing (SAST) into the build process
  • Standardize development teams on GitHub Enterprise.
  • Implement Software Composition Analysis (SCA) at both the source code repo level and the artifactory distribution center.
  • Automate Dynamic Application Security Testing (DAST) in the CI/CD pipeline.
  • Perform manual penetration tests on web applications
  • Perform operational support for AWS WAF configurations – updating whitelists and creating security automation web ACLs to protect Internet facing endpoints and applications.
  • Maintain Cloudflare DDoS protections and WAF configurations.
  • Implement Runtime Application Self Protection (RASP) on applications to protect containers and web-based applications.
  • Attend enterprise architecture reviews to standardize and secure new deployments

Qualifications and Special Skills Required

  • Bachelor’s degree in computer science or engineering field or equivalent combination of education and relevant experience.
  • 3 – 5 years of experience with secure application development, security processes, and security solutions.
  • A passion to learn and educate others on how to build secure software.
  • Ability to work in a group setting and independently
  • Experience with IT ticketing systems.
  • Good working knowledge of scripting languages such as Python and PowerShell.
  • Strong understanding of Linux/UNIX and Windows based operating systems and networks.
  • Strong working knowledge of application security concepts and technologies such as:
    • Experience in development languages.
    • Experience in OWASP Top 10 and usage of common AppSec testing tools.
    • Experience in performing security code review
    • Experience in using code repository systems
    • Experience of Secure by Design concepts and threat modeling
    • Knowledge of common security libraries, security controls, and common security flaws.
    • Experience in application penetration testing techniques and tools
    • Knowledge of application technologies including Web applications, Web services, XML, SOA, AJAX, JSON, and Web scanning tools
    • Open Source Security (OSS) – Software Composition Analysis (SCA)
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Runtime Application Self Protection (RASP) – Real Time Monitoring detection and prevention
    • Security Architecture Review – Threat Modeling
    • AWS and Azure WAF Configuration and whitelisting
    • Cloudflare DDoS configuration and operation
    • Manual Penetration Testing
    • Penetration testing with 3rd party vendors
    • Host-level vulnerability scanning
    • Web application security training course development and delivery

Preferred Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • SANS GIAC certifications
  • Amazon Web Services, Azure, Google Cloud Platform

We’re doing work that matters. Help us solve what others can’t.

Job ID : R36454
