Director of Software Security
Cadence · San Jose, CA · 4 wk ago
Information Technology$165k–$306k/yrFull-time
Key Responsibilities
- Define and execute enterprise DevSecOps strategy across all development teams
- Integrate security controls into CI/CD pipelines (build, test, release)
- Establish “shift-left” security practices across the SDLC
- Drive adoption of secure coding, SAST, DAST, and SCA tools
- Define reference architectures for secure microservices, APIs, and cloud-native apps
- Lead threat modeling initiatives
- Ensure secure API design and zero trust principles
- Lead compliance initiatives for:Cybersecurity Maturity Model Certification (CMMC 2.0), NIST SP 800-171r2 /800-53, ISO 27001
- Coordinate audits, assessments, and continuous monitoring programs
- Implement controls for handling Controlled Unclassified Information (CUI)
- Secure DevOps pipelines across cloud platforms: Amazon AWS, Microsoft Azure, Google Cloud, IBM Cloud
- Implement infrastructure-as-code (IaC) security scanning
- Define secrets management, identity, and access controls
- Build and scale AppSec program across all product lines
- Define vulnerability management lifecycle (discovery → remediation → validation)
- Establish bug bounty / responsible disclosure programs
- Integrate security into Agile and CI/CD workflows
- Secure software supply chain (SBOM, dependency scanning)
- Implement artifact signing, provenance, and integrity validation
- Define policies, standards, and secure development guidelines
- Align software security with enterprise risk management
Required Qualifications
- 12–15+ years in cybersecurity, with strong focus on application security and DevSecOps
- 5+ years in leadership (manager/director level)
- Deep expertise in: Secure SDLC and DevSecOps pipelines, Cloud-native architectures and container security, Regulatory frameworks (CMMC, NIST, ISO)
- Experience in regulated industries (defense, government, healthcare, fintech)
Preferred Qualifications
- Hands-on experience with tools such as:SAST: Checkmarx, Veracode, DAST: Burp Suite, SCA: Snyk, Black Duck, CI/CD: Jenkins, GitHub Actions
- Familiarity with Kubernetes, Docker, and service mesh security
- Certifications: CISSP, CSSLP, CISM, or CCSP
Key Skills
- DevSecOps Transformation
- Secure Software Architecture
- Regulatory Compliance (CMMC, NIST, ISO)
- Application Security & Threat Modeling
- Software Supply Chain Security (SBOM, SLSA)
- Cloud & Container Security
- Executive Communication & Strategy
Pay & Benefits
The annual salary range for California is $164,500 to $305,500. You may also be eligible to receive incentive compensation: bonus, equity, and benefits.
Our benefits programs include: paid vacation and paid holidays, 401(k) plan with employer match, employee stock purchase plan, a variety of medical, dental and vision plan options, and more.