City of London
GREAT BRITAIN - London
Job Description and Requirements
At Synopsys, we’re at the heart of the innovations that change the way we work and play. Self-driving cars. Artificial Intelligence. The cloud. 5G. The Internet of Things. These breakthroughs are ushering in the Era of Smart Everything. And we’re powering it all with the world’s most advanced technologies for chip design and software security. If you share our passion for innovation, we want to meet you.
Our software security consulting business is all about enabling customers build security into their software. We do this at all stages: From architecture & design, to implementation, to testing and deployment, as well as,
through improvements to governance and processes surrounding all of software development.
Synopsys Software Security helps customers with immediate tactical needs such as education, software security architecture review, code review, testing, cloud assessment, and mobile and embedded device assessments. We also direct customers through longer term strategic initiatives like DevSecOps pipeline creation, software security maturity action plans, and maturity measurements.
To find out more about SIG, Synopsys check out https://www.synopsys.com/software-integrity.html.
Software Security Consultant
If you are inquisitive, have an urge to know how things work, how to break and fix things and have a passion for building software in the right way, with security built in, we’d love to hear from you.
- Secure Software Design and Architecture (incl. Threat Modelling, Architecture Risk Analysis)
- Full-breadth DevSecOps Consulting Services (People, Process, Technology)
- Web, Mobile & Embedded Penetration Testing
- Secure cloud architecture and review
- Source Code Analysis
- Network Security Analysis
- Application Reverse Engineering
- Database Security Analysis
Qualifications and Experience
- Software security weaknesses, vulnerability and secure code review
- Secure SDLCs and DevSecOps
- Software attack and exploitation techniques
- Cloud security in AWS, Azure or GCP
- Familiarity with at least one Cloud vendor and related security services (Azure, GPC, AWS)
- Familiarity with Docker, Kubernetes, Git, Jenkins, GitLab, Artifactory, HashiCorp Vault a plus
- At least one software programming language and framework
- Concepts of defensive programming, OWASP Top-10, and SANS Top 25 vulnerabilities
- Risk scoring standards such as NIST 800-30 r1, CVSS v3
- Typically requires 2+ years with one or more of C/C++, ASP.NET, Java, Java EE, multiple RDBMS & operating systems.
- Conducting secure code reviews, design reviews, and threat modelling
- Conducting reverse engineering
- Performing application penetration testing
- Multiple OS such as Linux, Mac OSX, iOS, Android, or Windows, their nuances, strengths and weaknesses
- Ability to interface with clients utilising consulting and negotiating skills
- Ability to undertake and complete tasks independently, meet schedules & delivery timelines, and to move swiftly from concepts and theory to action
- Ability to prioritise and switch gears in a time-sensitive managed services environment
- Ability to identify risks and take due course of action to either address or escalate risks to appropriate stakeholders
- Proven experience of producing high quality, actionable, client-orientated reports
- Ability to work with multiple project teams; give and take directions and ensure that tasks are executed consistently
- People: You can work in a team or alone and ensure tasks are executed consistently
- Projects: You can demonstrate the ability to plan, execute and closeout projects
- Projects: Tracking the progress of your own projects while keeping resource management informed
- Written communication skills for use in preparing formal documentation, Statements of Work, proposals, white papers, and case studies
- Verbal skills that include the ability to clearly articulate thoughts and to deliver presentations and training to people with different levels of experience and knowledge
- You are enthusiastic, highly motivated and committed to your work. You do this because you love it.
- Constantly inquisitive, have an urge to know how things work, how to break and fix things and have a passion for building software in the right way, with security built in
- Flexibility and willingness to travel
Education and Certifications
- Bachelor’s Degree or Master’s Degree in Computer Science/Engineering or equivalent experience
- Desirable - Master’s Degree in cybersecurity related field
- Desirable - Industry certifications including, but not limited to, OSCP, CHECK Team Leader, CREST certified
Inclusion and Diversity are important to us. Synopsys considers all applicants for employment without regard to race, colour, religion, national origin, gender, sexual orientation, gender identity, age, military veteran status, or disability.
Software Security Consulting