Associate Principal Security Consultant

Synopsys is looking for a full-time Associate Principal Security Consultant to parachute in wherever software insecurity invades, and to stomp out bugs and flaws wherever they hide.

About Synopsys Software Integrity Group (SIG)

Synopsys Software Integrity Group helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle. For more information, go to www.synopsys.com/software.

As Synopsys engages with clients in the application of our software security improvement methodologies, the Associate Principal Security Consultant joins in the execution and delivery of planned project deliverables and milestones that assist clients in learning, understanding, and applying Synopsys’s secure software development methodologies. In this position, the Associate Principal Security Consultant understands and leads the managed services work delivery and executes as per the defined methodologies and practices. The Associate Principal Security Consultant typically has task responsibility within one project and develops the capability to perform tasks within one or more of Synopsys’s security practices. The Associate Principal Security Consultant continuously learns, expands and shares his/her technical competence. Associate Principal Security Consultants do most of their work from the office, but sometimes go on site to help customers exterminate the bugs and untangle the flaws that make their systems insecure. Our Associate Principal Security Consultants make themselves and their team indispensable advisors to our customers: they build the relationships that help create and identify follow-on assignments.

Roles Include

• Network Penetration Testing

• Software Penetration Testing

• Application Reverse Engineering

Qualifications and Experience

Technical skills

• Minimum of 5-7 years of relevant skills as listed below

• Experience performing web application penetration testing

• Experience conducting reverse engineering

• Experience with Red Team tactics such as social engineering

• Experience with security tools like Burp, Appscan, IDA, Nesus, Metasploit, etc.

• Experience with network security penetration testing

• Experience conducting secure code review

• Experience with any combination of the following languages such C/C++, ASP.NET, Java, Java EE, multiple RDBMS

• Experience with any combination of other languages (e.g. JavaScript, Python, Ruby, PHP, Perl, COBOL, SQL, or Assembly)

• Experience with
OS such as Linux, Mac OSX, iOS, Blackberry, Android, or Windows

• Familiarity with software security weakness, vulnerability and secure code review

• Familiarity with software attack and exploitation techniques

• Familiarity with network post-exploitation techniques

• Familiarity with MITRE ATT&CK Framework

• Familiarity with Kali Linux

• Familiarity with at least one software programming language and framework

• Familiarity with the concepts of defensive programming, OWASP Top-10, and SANS Top 25 vulnerabilities

• Familiarity with risk scoring standards such as NIST 800-30 r1, CVSS v3

• Familiarity with PCI-DSS

• Ability to interface with clients, utilizing consulting and negotiating skills

• Ability to undertake and complete tasks independently, meet schedules & delivery timelines, and to move swiftly from concepts and theory to action

• Ability to prioritize and switch gears in a time-sensitive managed services environment

• Ability to identify risks and take due course of action to either address or escalate risks to appropriate stake holders

• Ability to lead multiple project teams; give directions and ensure that tasks are executed consistently

• Ability to mentor and help develop or improve skillsets of a team

• Ability to monitor and track the progress of team members and help them achieve career goals

• People: You can lead a team, give direction, and ensure tasks are executed consistently

• People: You can mentor team members to take on leadership roles and assist them in becoming team leads

• Projects: You can demonstrate the ability to plan, execute and closeout multi-person projects

• Projects: Tracking the progress of projects while keeping resource management informed

• Written communication skills for use in preparing formal documentation, Statements of Work, proposals, white papers, and case studies

• Verbal skills that include the ability to clearly articulate thoughts and to deliver presentation and training to all levels of management

• You are enthusiastic and committed to your work. You do this because you love it

• You’ve got an entrepreneurial drive and want to help grow this business

• Willingness to travel up 50%

Education and Certifications

Bachelor’s Degree or Master’s Degree in Computer Science/Engineering or equivalent

USA – Arizona – Chandler, USA – Arizona – Tucson, USA – Colorado – Denver, USA – Florida – Oviedo, USA – Georgia – Atlanta, USA – Illinois – Chicago, USA – Illinois – Schaumburg, USA – Indiana – Bloomington, USA – Indiana – Indianapolis, USA – Maryland – Columbia, USA – Massachusetts – Boston, USA – Massachusetts – Burlington, USA – Michigan – Detroit, USA – Minnesota – Bloomington, USA – Minnesota – Minneapolis, USA – New Jersey – Newark, USA – New York – New York City, USA – North Carolina – Durham, USA – Ohio – Cincinnati, USA – Ohio – Columbus, USA – Oregon – Hillsboro, USA – Pennsylvania – Allentown, USA – Tennessee – Nashville, USA – Texas – Austin, USA – Texas – Dallas, USA – Virginia – Dulles, USA – Washington – Seattle, USA – Washington DC