Information Security Engineer

Posted Date 18 hours ago(7/29/2025 3:13 AM)
Location : Location IN-Bangalore
Type
FTE
iCIMS ID
2025-6467

Snapshot

Synchronoss Technologies (Nasdaq: SNCR) builds software that empowers companies around the world to connect with their subscribers in trusted and meaningful ways. The company’s collection of products helps streamline networks, simplify onboarding, and engage subscribers to unleash new revenue streams, reduce costs and increase speed to market. Hundreds of millions of subscriber’s trust Synchronoss products to stay in sync with the people, services, and content they love.

 

We are seeking a talented and experienced DevSecOps Engineer to join our team at Synchronoss. As a DevSecOps Engineer, you will be responsible for implementing security practices throughout the software development lifecycle (SDLC) preventing vulnerabilities from entering the codebase in the first place. This role will involve working closely with developers, IT operations teams and information security professionals to ensure that our products are secure by design.

How you will help:

  • Collaborate with engineering, IT, and product teams to define, integrate, and improve application security controls in CI/CD pipelines and at each stage of the SDLC.
  • Ensure compliance with relevant standards and regulatory frameworks (e.g., OWASP, NIST), and support internal and external security audits.
  • Lead and facilitate secure code reviews, providing actionable feedback and guiding remediation efforts in alignment with secure coding best practices and standards.
  • Perform detailed analysis of security findings from static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA/OSA), and container/image scanning tools.
  • Triage, prioritize, and drive resolution of application security vulnerabilities by leveraging risk-based approaches, including proper use of the CVSS calculator to assess and communicate the severity of findings.
  • Develop and maintain scripts, automation, or integrations that support proactive security monitoring and reporting.
  • Stay up-to-date with industry trends and emerging technologies in DevSecOps, and apply this knowledge to continuously improve our processes and tools.

Who we have in mind:

  • Bachelor’s degree in Information Technology, Cyber Security, Computer Security, Computer Science, or related field required.
  • 4+ years of experience in application or product security, cybersecurity.
  • In-depth knowledge and hands-on experience with code review processes, static code analysis, manual code inspections, and secure coding practices.
  • Experience designing and improving automation in CI/CD pipelines (Jenkins, Bamboo) to support repeatable security testing and integration.
  • Strong understanding of the CVSS (Common Vulnerability Scoring System) calculator; ability to accurately score vulnerabilities and articulate risk to stakeholders.
  • Knowledge of SAST, DAST, SCA/OSA, and container image analysis tools.
  • Proficient with industry-standard programming languages (such as Java, Python, C#, or JavaScript).
  • Familiarity with cloud-based infrastructure management using technologies like AWS, Azure.
  • Strong analytical and problem-solving skills, with the ability to communicate technical information to non-technical stakeholders.
  • Ability to organize, plan and implement work assignments, prioritize competing demands and work under pressure of frequent and tight deadlines.

It would be great if you had:

  • Certifications such as CISSP, SANS, CDP, ECDE or CompTIA Security+.
  • Experience with tools like Fortify Suite, Nmap, Nessus, Burp suite, Metasploit, Rapid7, Rapid7 InsightAppSec, Rapid7 InsightVM, Lacework, Sonatype Suite, Snyk, Nuclei.
  • Knowledge of common vulnerabilities and how to find and verify them: authentication (e.g., secure transmission, weak login mechanisms, backend authentication, weak SSL configuration), authorization (e.g., session handling, replay, fixation), client-side attacks (e.g., XSS, CSRF), information disclosure (e.g., error handling, debug information), code injection (e.g., SQL, OS commands, buffer overflow, format strings), logic attacks (e.g., lockout, flooding, insufficient anti-automation, spoofing), review of secure configuration of OS and network devices
  • Experience in the J2EE technology or .Net stacks
  • Excellent communication skills (written & verbal) in English a must to be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume role as a trusted topic matter expert.

What we offer:

Synchronoss is proud to be an Equal Opportunity Employer. As a global company, we value and celebrate diversity and are committed to a workplace free from discrimination and harassment. We take pride in fostering an inclusive environment based on mutual respect and merit. We are at our best when our workforce is dynamic in thought, experience, skill set, race, age, gender, sexual orientation, sexual expression, national origin and beyond. 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed