Job Description and Requirements
Synopsys is looking for a Security Consultant to parachute in wherever software insecurity invades and to stomp out bugs and flaws wherever they hide.
About Synopsys Software Integrity Group (SIG)
Synopsys Software Integrity Group helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
For more information, go to www.synopsys.com/software.
As Synopsys engages with clients in the application of our software security improvement methodologies, the Security Consultant joins in the execution and delivery of planned project deliverables and milestones that assist clients in learning, understanding, and applying Synopsys’s secure software development methodologies. The Security Consultant typically has task responsibility within one project and develops the capability to perform tasks within one or more of Synopsys’s security practices. The Security Consultant continuously learns and expands his/her technical competence. Security Consultants do some work from the office/home, but often go on site to help customers exterminate the bugs and untangle the flaws that make their systems insecure. Our Security Consultants make themselves and their team indispensable advisors to our customers: they build the relationships that help create and identify follow-on assignments.
Qualifications and Experience
• Solid understanding of application security testing (both web and mobile) with deep understanding of OWASP Top 10 and CWE 25
• Experience in network penetration testing, source code review and risk categorization
• Expertise in common security tools (code review, open source scanning and pen testing); knowledge of integrating these tools within a Continuous Integration workflow is a plus
• Well versed in move-left strategy within the SSDLC
• Knowledge of Threat Modeling and Bug bounty is a plus
• Ability to effectively present and communicate security threats and remediation guidance to developers and to articulate business risks to the stakeholders
• 3+ years of relevant security experience
• Take ownership of the assigned tasks, collaborate with practice leads, bring consensus to diverse solutions and deliver the project with high quality
• Ability to interface with clients to quickly digest any issue or problem statement and ensure prompt follow-up on the possible solutions
• Written communication skills for use in preparing formal documentation, white papers, and case studies
• Verbal skills that include the ability to clearly articulate thoughts and to deliver presentations and training to all levels of management
• Ability to persuade
Education and Certifications
• Bachelor’s Degree in Computer Science, Engineering or equivalent. Master’s Degree preferred
• Bonus points for community contributions like public CVEs, bug bounty recognition, open source tools, blogs, etc.
Apply for job
To view the job application please visit sjobs.brassring.com.