Synopsys Software Integrity Group helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
For more information, go to www.synopsys.com/software
About Tinfoil Security (recently acquired by Synopsys!):
We write tools that are used to secure the largest web applications and APIs in the world. If you've ever watched a video or streamed music online, your data has probably been secured by code we've written. To date, our software has found and fixed over two million security vulnerabilities on the web.
We hook security into CI and testing frameworks and have security tests run alongside unit, regression, and integration tests. Using the same techniques as malicious hackers, we systematically test all the access points. As we find vulnerabilities we’ll stick them right back in front of developers, either in a simple checklist format or by integrating into their issue tracker of choice, instantly notifying developers when there's a threat and giving step-by-step instructions, tailored to their software stack, to eliminate it.
We’re not limited by technologies or software stacks. Be it a website, an API-driven mobile app, or an IoT device, we can secure it.
Lead Architect San Francisco, CA, United States
Software Engineer Silicon Valley, CA, United States
UX designer Silicon Valley, CA, United States
We just got acquired, and are growing rapidly! We're starting an exciting period of product growth and development, and have an amazing team culture, and are doubling the size of our engineering team this year. We actually already feel like we've acquired a much larger team of people with the same goals as us, rather than the other way around.
We have a team of brilliant and diverse minds to collaborate with, ranging from MIT and Waterloo alumni to San Francisco-based coding boot-camp grads. We've also won DEFCON CTF and countless other CTFs around the world. And that's just the Tinfoil team. :)
We have insanely interesting and varied technical challenges; the Tinfoil team has two products, one written in Ruby/Rails and another written in Elixir/Phoenix, and the wider Synopsys SIG team has many more. You'll be exposed to a ton of different languages and stacks.
Having just gotten acquired, our engineering team structure hasn't changed very much. Every three weeks the whole team meets up to discuss the last three weeks and any engineering priorities for the upcoming three weeks. We use a Kanban board to track tasks and when they're completed.
Engineers are responsible for designing, implementing, and testing their tasks. We often work collaboratively, but engineers are expected to be able to do some individual research before we decide on a course of action. One of our values is that when you're working on something hard, you should ask someone for a second pair of eyes, even if you think you've got a great solution already. We code-review and run code changes through our automated CI system, and we've built tooling to help simplify deployments to be a single click of a button away.
1) Building distributed systems that scale and reduce complexity
2) Security engineering and vulnerability discovery / exploitation
3) Using both OOP and Functional programming to solve problems
4) Focus on UI, usability, and design
5) Conceptualize, build, test, deploy - it's all your job!
Our customers had asked for a way to add two-factor authentication to better protect their accounts on our webapp. We researched the space and decided that we wanted to implement this as an extension to the Devise authentication library for Ruby on Rails. We implemented the Ruby gem and released it as an open source library (https://github.com/tinfoil/devise-two-factor) — it's now in use by sites such as GitLab and is the most popular two-factor solution for Rails.
Our security scanner can use login data to automatically try to log into a web application. For cases where the scanner is unable to figure out the login automatically, or has to answer security questions, we wanted a way to teach the scanner how to perform these actions. We implemented a Chrome extension that records the actions a user takes on a website, and our scanner can then replay those whenever it needs to log in.
We wanted a way to automate our deployments. We also used this opportunity to try out the Phoenix web application framework for Elixir (and Elixir itself). We built an internal webapp to manage services and deployment profiles, and to keep track of what versions of software were currently deployed. It can run new deployments from Docker images, and now deploying any of our software is just a button-click away.
Culture is very dear to our hearts! We care a lot about our team and are passionate about fostering a healthy, inclusive and supportive work environment, where employees feel safe to express their voice and work on projects they are passionate about.
We are a highly talented and fun bunch of people, with unique interests to connect over, and filled with positive energy! We believe that the best work is done when great minds come together, and we encourage collaboration and pairing whenever possible. We are also passionate about learning! We encourage curiosity on our team and support trying new tools (or languages) when appropriate.
A day at Synopsys is never boring and we are always looking for ways to be even better! :)
Synopsys has a flexible vacation policy (with manager approval).
We have a GlobalFit offering and other wellness programs you can take part in.
We provide full medical, dental and vision insurance.
Office hours are very flexible, with our core office hours being between 11am and 3pm. This allows employees to plan their commute to work, or other appointments without stress. In addition, while the expectation is that employees work from the office, occasional work from home days for personal reasons are accommodated.
As mentioned in flexible hours, the expectation is that employees work from the office in general; however, occasional work-from-home days are accommodated for personal reasons.
We have bright, fun and open office spaces, with plenty of spots for you to nestle into a couch, or sit on the balcony if you need a change from your desk space. The office also has a great cafeteria space, and is walking distance from restaurants, Starbucks, Peet's, grocery stores, etc.
While we don't provide meals for employees (except on rare occasions), there are snacks available for brain power! These range from sweet to savory, and include healthy items too! :)
We offer a matched 401k plan.
First 4 weeks at full salary, then 8 additional weeks of FMLA leave.
We encourage engineers to attend local conferences and submit papers and talks!
If you have to commute to work, you're eligible for reimbursement and/or a Caltrain pass.
We offer a charity matching program through Synopsys Shares, for charitable 501(c)(3) organizations!
There are always tons of events hosted by Synopsys at the various offices, including donut days, beer clubs, etc. We're often collaborating on Slack to find fun ways to hang out. :)
Check out all of the other crazy awesome benefits at https://benefits.synopsys.com!