Loc: Noida, IN and San jose, ca ( 1 position ea. respectively)
Rate: Best rate DOE
Client : Cadence
Role Overview
We are looking for a Security Engineer specializing in SAST and SCA to strengthen our Application Security (AppSec) program. This role will focus on identifying, prioritizing, and driving remediation of code-level and open-source vulnerabilities across the software development lifecycle (SDLC).
The ideal candidate has a strong understanding of secure coding practices, vulnerability management, and developer workflows, with the ability to scale security testing through automation and process integration.
Key Responsibilities
SAST (Static Application Security Testing)
· Operate and manage SAST tools (e.g., Checkmarx, Fortify, Veracode, CodeǪL)
· Analyze scan results to:
o Identify true positives vs false positives
o Prioritize based on exploitability and business impact
· Partner with development teams to:
o Remediate vulnerabilities
o Improve secure coding practices
· Tune rules and policies to reduce noise and increase scan accuracy SCA (Software Composition Analysis)
· Manage and optimize SCA tools (e.g., Sonatype, Snyk, Black Duck, WhiteSource/Mend, Dependabot)
· Identify and track:
o Vulnerabilities in third-party and open-source components
o License and compliance risks
· Drive:
o Dependency upgrades and patching strategies
o Risk-based prioritization for remediation
· Maintain visibility into software bill of materials (SBOM)
SDLC Integration G Automation
· Integrate SAST/SCA into:
o CI/CD pipelines (GitHub, GitLab, Azure DevOps, Jenkins)
o Developer workflows (PR checks, pre-commit hooks)
· Automate:
o Scan execution and reporting
o Ticket creation and tracking (Jira or similar)
· Ensure shift-left security adoption across engineering teams
Vulnerability Management G Reporting
· Track vulnerability lifecycle:
o Identification → Triage → Remediation → Closure
· Provide:
o Metrics and dashboards (e.g., SLA compliance, risk trends)
o Executive-ready summaries for leadership
· Support:
o Audit and compliance requirements (ISO, SOC2, etc.)
Developer Enablement
· Act as a trusted advisor to engineering teams
· Provide:
o Remediation guidance and secure coding recommendations
o Documentation, FAǪs, and best practices
· Conduct:
o Developer training and awareness sessions
· 3–6+ years in Application Security, DevSecOps, or Secure Development
· Hands-on experience with:
o SAST and/or SCA tools in enterprise environments
· Experience working closely with development teams and CI/CD pipelines
Technical Skills
· Strong knowledge of:
o OWASP Top 10
o Secure coding practices (Java, Python, C/C++, JavaScript, etc.)
· Experience with SAST tools such as:
o Checkmarx, Fortify, Veracode, CodeǪL
· Experience with SCA tools such as:
o Snyk, Black Duck, Mend, Dependabot