Information Security Engineer

Snapshot Synchronoss Technologies Nasdaq SNCR builds software that empowers companies around the world to connect with their subscribers in trusted and meaningful ways The company s collection of products helps streamline networks simplify onboarding and engage subscribers to unleash new revenue streams reduce costs and increase speed to market Hundreds of millions of subscriber s trust Synchronoss products to stay in sync with the people services and content they love We are seeking an experienced Senior Information Security Engineer who will play a critical role in securing Synchronoss products throughout the software development lifecycle As a Information Security Engineer you will focus on the integration and optimization of security practices including Static and Dynamic application security testing Infrastructure as code and Software Composition Analysis as well as automating processes using Python or other scripting technologies This role will involve working closely with developers IT operations teams and information security professionals to ensure that our products are secure by design How you will help Collaborate with engineering IT and product teams to define integrate and improve application security controls in CI CD pipelines and at each stage of the SDLC Ensure compliance with relevant standards and regulatory frameworks e g OWASP NIST and support internal and external security audits Lead and facilitate secure code reviews providing actionable feedback and guiding remediation efforts in alignment with secure coding best practices and standards Perform detailed analysis of SAST DAST IaC Open Source and container image security findings Suppress tune and manage security tool rules and policies to maximize effectiveness and reduce false positives across SAST DAST SCA OSA and IaC solutions Develop and maintain scripts automation or integrations that support proactive security monitoring and reporting Stay up-to-date with industry trends and emerging technologies in Application Security DevSecOps and apply this knowledge to continuously improve our processes and tools Who we have in mind Bachelor s degree in Information Technology Cyber Security Computer Security Computer Science or related field required 6 years of experience in application or product security cybersecurity In-depth knowledge and hands-on experience with code review processes static code analysis manual code inspections and secure coding practices Experience designing and improving automation in CI CD pipelines Jenkins Bamboo to support repeatable security testing and integration Strong understanding of the CVSS Common Vulnerability Scoring System calculator ability to accurately score vulnerabilities and articulate risk to stakeholders Knowledge of SAST DAST SCA OSA IaC and container image analysis tools Proficient with industry-standard programming languages such as Java Python C or JavaScript Familiarity with cloud-based infrastructure management using technologies like AWS Azure Strong analytical and problem-solving skills with the ability to communicate technical information to non-technical stakeholders Ability to organize plan and implement work assignments prioritize competing demands and work under pressure of frequent and tight deadlines It would be great if you had Certifications such as CISSP CSSLP SANS CDP ECDE or CompTIA Security Experience with tools like Fortify Suite Nmap Nessus Burp suite Metasploit Rapid7 Rapid7 InsightAppSec Rapid7 InsightVM Lacework Sonatype Suite Snyk Nuclei Knowledge of common vulnerabilities and how to find and verify them authentication e g secure transmission weak login mechanisms backend authentication weak SSL configuration authorization e g session handling replay fixation client-side attacks e g XSS CSRF information disclosure e g error handling debug information code injection e g SQL OS commands buffer overflow format strings logic attacks e g lockout flooding insufficient anti-automation spoofing review of secure configuration of OS and network devices Experience in the J2EE technology or Net stacks Excellent communication skills written verbal in English a must to be able to present complex technical topics in a clear and structured way ability to moderate discussions meetings and projects Being able to assume role as a trusted topic matter expert What we offer Synchronoss is proud to be an Equal Opportunity Employer As a global company we value and celebrate diversity and are committed to a workplace free from discrimination and harassment We take pride in fostering an inclusive environment based on mutual respect and merit We are at our best when our workforce is dynamic in thought experience skill set race age gender sexual orientation sexual expression national origin and beyond