Director of Software Security

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology. Cadence Info Sec is seeking a Director of Software Security to lead the strategy, architecture, and execution of secure software development practices across the enterprise. This role will drive Dev Sec Ops  transformation, ensure compliance with regulatory frameworks (including CMMC), and embed security throughout the software lifecycle (SDLC).

• Define and execute enterprise Dev Sec Ops  strategy across all development teams
• Integrate security controls into CI/CD pipelines (build, test, release)
• Establish “shift-left” security practices across the SDLC
• Drive adoption of secure coding, SAST, DAST, and SCA tools
• Define reference architectures for secure microservices, APIs, and cloud-native apps
• Establish security patterns for containers, Kubernetes, and serverless
• Lead threat modeling initiatives
• Ensure secure API design and zero trust principles
• Lead compliance initiatives for CMMC 2.0, NIST SP 800-171r2 /800-53, ISO 27001
• Ensure software systems meet federal, defense, and privacy regulations
• Coordinate audits, assessments, and continuous monitoring programs
• Implement controls for handling Controlled Unclassified Information (CUI)
• Secure Dev Ops pipelines across cloud platforms:
  Amazon AWS, Microsoft Azure, Google Cloud, IBM Cloud, Cadence software service and products
• Implement infrastructure-as-code (IaC) security scanning
• Define secrets management, identity, and access controls
• Build and scale App Sec program across all product lines
• Define vulnerability management lifecycle (discovery → remediation → validation)
• Establish bug bounty / responsible disclosure programs
• Integrate security into Agile and CI/CD workflows
• Secure software supply chain (SBOM, dependency scanning)
• Implement artifact signing, provenance, and integrity validation
• Define policies, standards, and secure development guidelines
• Establish KPIs: vulnerability remediation SLA, code coverage, pipeline security
• Align software security with enterprise risk management
• Report posture to executive leadership and board
• Lead teams of App Sec engineers, Dev Sec Ops  engineers, and architects
• Partner with Engineering, Product, Legal, and Compliance teams
• Build security champions program within development teams
• Influence engineering culture toward security ownership

• 12–15+ years in cybersecurity, with strong focus on application security and Dev Sec Ops
• 5+ years in leadership (manager/director level)
• Deep expertise in Secure SDLC and Dev Sec Ops  pipelines, Cloud-native architectures and container security, Regulatory frameworks (CMMC, NIST, ISO)
• Experience in regulated industries (defense, government, healthcare, fintech)

• Hands‑on experience with tools such as SAST (Checkmarx, Veracode), DAST (Burp Suite), SCA (Snyk, Black Duck), CI/CD (Jenkins, Git Hub Actions)
• Familiarity with Kubernetes, Docker, and service mesh security
• Certifications:
  
  CISSP, CSSLP, CISM, or CCSP
• Experience with Zero Trust and identity‑first security

• Dev Sec Ops  Transformation
• Secure Software Architecture
• Regulatory Compliance (CMMC, NIST, ISO)
• Application Security & Threat Modeling
• Software Supply Chain Security (SBOM, SLSA)
• Cloud & Container Security
• Executive Communication & Strategy

The annual salary range for California is $164,500 to $305,500. You may also be eligible to receive incentive compensation: bonus, equity, and benefits. Our benefits programs include paid vacation and paid holidays, 401(k) plan with employer match, employee stock purchase plan, and a variety of medical, dental and vision plan options.

Cadence is committed to equal employment opportunity throughout all levels of the organization. All qualified applicants will receive consideration for employment without regard to race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any other protected class.