Information Security Engineer

Synchronoss Technologies (Nasdaq: SNCR) builds software that empowers companies around the world to connect with their subscribers in trusted and meaningful ways. The company’s collection of products helps streamline networks, simplify onboarding, and engage subscribers to unleash new revenue streams, reduce costs and increase speed to market. Hundreds of millions of subscriber’s trust Synchronoss products to stay in sync with the people, services, and content they love.

We are seeking an experienced Senior Information Security Engineer who will play a critical role in securing Synchronoss products throughout the software development lifecycle. As a Information Security Engineer, you will focus on the integration and optimization of security practices, including Static and Dynamic application security testing, Infrastructure as code and Software Composition Analysis, as well as automating processes using Python or other scripting technologies. This role will involve working closely with developers, IT operations teams and information security professionals to ensure that our products are secure by design.

• Collaborate with engineering, IT, and product teams to define, integrate, and improve application security controls in CI/CD pipelines and at each stage of the SDLC.
• Ensure compliance with relevant standards and regulatory frameworks (e.g., OWASP, NIST), and support internal and external security audits.
• Lead and facilitate secure code reviews, providing actionable feedback and guiding remediation efforts in alignment with secure coding best practices and standards.
• Perform detailed analysis of SAST, DAST, IaC, Open Source and container/image security findings.
• Suppress, tune, and manage security tool rules and policies to maximize effectiveness and reduce false positives across SAST, DAST, SCA/OSA, and IaC solutions
• Develop and maintain scripts, automation, or integrations that support proactive security monitoring and reporting.
• Stay up-to-date with industry trends and emerging technologies in Application Security, DevSecOps, and apply this knowledge to continuously improve our processes and tools.

• Bachelor’s degree in Information Technology, Cyber Security, Computer Security, Computer Science, or related field required.
• 6+ years of experience in application or product security, cybersecurity.
• In-depth knowledge and hands-on experience with code review processes, static code analysis, manual code inspections, and secure coding practices.
• Experience designing and improving automation in CI/CD pipelines (Jenkins, Bamboo) to support repeatable security testing and integration.
• Strong understanding of the CVSS (Common Vulnerability Scoring System) calculator; ability to accurately score vulnerabilities and articulate risk to stakeholders.
• Knowledge of SAST, DAST, SCA/OSA, IaC, and container image analysis tools.
• Proficient with industry-standard programming languages (such as Java, Python, C#, or JavaScript).
• Familiarity with cloud-based infrastructure management using technologies like AWS, Azure.
• Strong analytical and problem-solving skills, with the ability to communicate technical information to non-technical stakeholders.
• Ability to organize, plan and implement work assignments, prioritize competing demands and work under pressure of frequent and tight deadlines.

• Certifications such as CISSP, CSSLP, SANS, CDP, ECDE or CompTIA Security+.
• Experience with tools like Fortify Suite, Nmap, Nessus, Burp suite, Metasploit, Rapid7, Rapid7 InsightAppSec, Rapid7 InsightVM, Lacework, Sonatype Suite, Snyk, Nuclei.
• Knowledge of common vulnerabilities and how to find and verify them: authentication (e.g., secure transmission, weak login mechanisms, backend authentication, weak SSL configuration), authorization (e.g., session handling, replay, fixation), client-side attacks (e.g., XSS, CSRF), information disclosure (e.g., error handling, debug information), code injection (e.g., SQL, OS commands, buffer overflow, format strings), logic attacks (e.g., lockout, flooding, insufficient anti-automation, spoofing), review of secure configuration of OS and network devices
• Experience in the J2EE technology or .Net stacks
• Excellent communication skills (written & verbal) in English a must to be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume role as a trusted topic matter expert.

Synchronoss is proud to be an Equal Opportunity Employer. As a global company, we value and celebrate diversity and are committed to a workplace free from discrimination and harassment. We take pride in fostering an inclusive environment based on mutual respect and merit. We are at our best when our workforce is dynamic in thought, experience, skill set, race, age, gender, sexual orientation, sexual expression, national origin and beyond.