Information Security Engineer

Snapshot:

Millions of subscribers trust Synchronoss to safeguard their most cherished memories and important digital content.

** This position is not eligible for sponsorship.**

This role will involve working closely with developers, IT operations teams and information security professionals to ensure that our products are secure by design.

How you will help::

• Collaborate with engineering, IT, and product teams to define, integrate, and improve application security controls in CI/CD pipelines and at each stage of the SDLC.
• Ensure compliance with relevant standards and regulatory frameworks (e.g., OWASP, NIST), and support internal and external security audits.
• Lead and facilitate secure code reviews, providing actionable feedback and guiding remediation efforts in alignment with secure coding best practices and standards.
• Perform detailed analysis of SAST, DAST, IaC, Open Source and container/image security findings.
• Suppress, tune, and manage security tool rules and policies to maximize effectiveness and reduce false positives across SAST, DAST, SCA/OSA, and IaC solutions
• Develop and maintain scripts, automation, or integrations that support proactive security monitoring and reporting.
• Stay up-to-date with industry trends and emerging technologies in Application Security, DevSecOps, and apply this knowledge to continuously improve our processes and tools.

Who we have in mind::

• Bachelor’s degree in Information Technology, Cyber Security, Computer Security, Computer Science, or related field required.
• 5+ years of experience in application or product security, cybersecurity.
• In-depth knowledge and hands-on experience with code review processes, static code analysis, manual code inspections, and secure coding practices.
• Experience designing and improving automation in CI/CD pipelines (Jenkins, Bamboo) to support repeatable security testing and integration.
• Strong understanding of the CVSS (Common Vulnerability Scoring System) calculator; ability to accurately score vulnerabilities and articulate risk to stakeholders.
• Knowledge of SAST, DAST, SCA/OSA, IaC, and container image analysis tools.
• Proficient with industry-standard programming languages (such as Java, Python, C#, or JavaScript).
• Familiarity with cloud-based infrastructure management using technologies like AWS, Azure.
• Strong analytical and problem-solving skills, with the ability to communicate technical information to non-technical stakeholders.
• Ability to organize, plan and implement work assignments, prioritize competing demands and work under pressure of frequent and tight deadlines.

It would be great if you had::

• Certifications such as CISSP, CSSLP, SANS, CDP, ECDE or CompTIA Security+.
• Experience with tools like Fortify Suite, Nmap, Nessus, Burp suite, Metasploit, Rapid7, Rapid7 InsightAppSec, Rapid7 InsightVM, Lacework, Sonatype Suite, Snyk, Nuclei.
• Knowledge of common vulnerabilities and how to find and verify them: authentication (e.g., secure transmission, weak login mechanisms, backend authentication, weak SSL configuration), authorization (e.g., session handling, replay, fixation), client-side attacks (e.g., XSS, CSRF), information disclosure (e.g., error handling, debug information), code injection (e.g., SQL, OS commands, buffer overflow, format strings), logic attacks (e.g., lockout, flooding, insufficient anti-automation, spoofing), review of secure configuration of OS and network devices
• Experience in the J2EE technology or .Net stacks
• Excellent communication skills (written & verbal) in English a must to be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume role as a trusted topic matter expert.

What we offer::

We are at our best when our workforce is dynamic in thought, experience, skill set, race, age, gender, sexual orientation, sexual expression, national origin and beyond.