Snapshot:
Synchronoss Technologies (Nasdaq: SNCR) builds software that empowers companies around the world to connect with their subscribers in trusted and meaningful ways. The company's collection of products helps streamline networks, simplify onboarding, and engage subscribers to unleash new revenue streams, reduce costs and increase speed to market. Hundreds of millions of subscriber's trust Synchronoss products to stay in sync with the people, services, and content they love.
We are seeking a talented and experienced DevSecOps Engineer to join our team at Synchronoss. As a DevSecOps Engineer, you will be responsible for implementing security practices throughout the software development lifecycle (SDLC) preventing vulnerabilities from entering the codebase in the first place. This role will involve working closely with developers, IT operations teams and information security professionals to ensure that our products are secure by design.
How you will help::
- Collaborate with cross-functional teams to design and implement security controls and tools that integrate security testing, compliance monitoring, and continuous integration/continuous delivery (CI/CD) workflows
- Comply with relevant standards and regulatory requirements, such as OWASP and NIST
- Work with internal customers to determine their need for security assessments, present and explain the employed methodology, and support them with feedback and verification during mitigation.
- Develop training on secure coding techniques and security awareness for technical staff (e.g., software developers).
- Stay up-to-date with industry trends and emerging technologies in DevSecOps, and apply this knowledge to continuously improve our processes and tools.
Who we have in mind::
- Bachelor's degree in Information Technology, Cyber Security, Computer Security, Computer Science, or related field required.
- 3+ years of experience in application or product security, cybersecurity.
- Experience automation orchestration platforms like Bamboo or Jenkins.
- Strong understanding of software development lifecycle.
- Familiarity with SAST, DAST, OSA and Container image analysis tools.
- Knowledge of programming languages such as Java, Python, C#, or JavaScript.
- Familiarity with cloud-based infrastructure management using technologies like AWS, Azure.
- Strong analytical and problem-solving skills, with the ability to communicate technical information to non-technical stakeholders.
- Ability to organize, plan and implement work assignments, prioritize competing demands and work under pressure of frequent and tight deadlines.
It would be great if you had::
- Certifications such as CISSP, SANS, CDP, ECDE or CompTIA Security+.
- Experience with tools like Fortify Suite, Nmap, Nessus, Burp suite, Metasploit, Rapid7, Rapid7 InsightAppSec, Rapid7 InsightVM, Lacework, Sonatype Suite, Snyk, Nuclei.
- Knowledge of common vulnerabilities and how to find and verify them: authentication (e.g., secure transmission, weak login mechanisms, backend authentication, weak SSL configuration), authorization (e.g., session handling, replay, fixation), client-side attacks (e.g., XSS, CSRF), information disclosure (e.g., error handling, debug information), code injection (e.g., SQL, OS commands, buffer overflow, format strings), logic attacks (e.g., lockout, flooding, insufficient anti-automation, spoofing), review of secure configuration of OS and network devices
- Experience in the J2EE technology or .Net stacks
- Excellent communication skills (written & verbal) in English a must to be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume role as a trusted topic matter expert.
What we offer::
Synchronoss is proud to be an Equal Opportunity Employer. As a global company, we value and celebrate diversity and are committed to a workplace free from discrimination and harassment. We take pride in fostering an inclusive environment based on mutual respect and merit. We are at our best when our workforce is dynamic in thought, experience, skill set, race, age, gender, sexual orientation, sexual expression, national origin and beyond.
