Sr. Software Security Engineer

Join to apply for the Sr. Software Security Engineer role at Cadence

2 days ago Be among the first 25 applicants

Join to apply for the Sr. Software Security Engineer role at Cadence

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology.

Cadence’s Information Security team is seeking a Sr. Software Security Engineer. This role will focus on Cloud and on-premise Software Security controls including WAF and CDN tools. This is a Security Development Operations role that will ensure security tool integration at the source code repo (Perforce, Github etc.), build environment, and artifactory level. As a member of the Information Security team, this role will develop and support the secure software development life cycle, including DAST, SAST, SCA, penetration testing, and attack surface management.

This role will interface directly with development teams and may involve tasks related to incident response, vulnerability management, and deployment of security solutions. The ideal candidate is highly motivated with a strong background in Application Development and DevOps, with hands-on experience in building security into CI/CD pipelines.

1. Operational support for AWS WAF configurations, including updating whitelists and creating security automation web ACLs.
2. Operational support for Azure WAF configurations.
3. Automate DAST in the CI/CD pipeline.
4. Perform manual web application penetration tests.
5. Maintain Cloudflare DDoS protections and WAF configurations.
6. Participate in enterprise architecture reviews to standardize and secure new deployments.

• Bachelor’s degree in computer science or engineering, or equivalent experience (3-5 years).
• Passion for learning and teaching secure software development.
• Ability to work independently and in teams.
• Experience with Jira, GitHub, Perforce, GitLab, SonaType, JFrog.
• Proficiency in scripting languages such as Python and PowerShell.
• Strong knowledge of Linux/UNIX and Windows OS and networks.
• Understanding of application security concepts, OWASP Top 10, and security testing tools.
• Experience with secure by design, threat modeling, and application penetration testing.
• Knowledge of web technologies, SCA, SAST, DAST, and security architecture review.
• Experience with WAF configuration, Cloudflare, and manual/third-party penetration testing.
• Familiarity with vulnerability scanning and security training development.

• CISSP, SANS GIAC, cloud platform certifications (AWS, Azure, GCP).

We’re doing work that matters. Help us solve what others can’t.