Information Security Engineer

Synchronoss Technologies, a global leader in personal cloud solutions, empowers service providers to establish secure and meaningful connections with their subscribers. Our SaaS cloud platform simplifies onboarding processes and fosters subscriber engagement using artificial intelligence (AI), machine learning, and other advanced features, resulting in enhanced revenue streams, reduced expenses, and faster time-to-market. Millions of subscribers trust Synchronoss to safeguard their most cherished memories and important digital content.

** This position is not eligible for sponsorship.**

We are seeking an experienced Information Security Engineer who will play a critical role in securing Synchronoss products throughout the software development lifecycle. As a Information Security Engineer, you will focus on the integration and optimization of security practices, including Static and Dynamic application security testing, Infrastructure as code and Software Composition Analysis, as well as automating processes using Python or other scripting technologies. This role will involve working closely with developers, IT operations teams and information security professionals to ensure that our products are secure by design.

• Collaborate with engineering, IT, and product teams to define, integrate, and improve application security controls in CI/CD pipelines and at each stage of the SDLC.
• Experience designing and improving automation in CI/CD pipelines (Jenkins, Bamboo) to support repeatable security testing and integration.
• Perform detailed analysis of SAST, DAST, IaC, Open Source and container/image security findings.
• Knowledge of common vulnerabilities and how to find and verify them: authentication (e.g., secure transmission, weak login mechanisms, backend authentication, weak SSL configuration), authorization (e.g., session handling, replay, fixation), client-side attacks (e.g., XSS, CSRF), information disclosure (e.g., error handling, debug information), code injection (e.g., SQL, OS commands, buffer overflow, format strings), logic attacks (e.g., lockout, flooding, insufficient anti-automation, spoofing), review of secure configuration of OS and network devices
• Proficient with industry-standard programming languages (such as Java, Python, C#, or JavaScript).
• Strong understanding of the CVSS (Common Vulnerability Scoring System) calculator; ability to accurately score vulnerabilities and articulate risk to stakeholders.
• Familiarity with cloud-based infrastructure management using technologies like AWS, Azure
• Experience in the J2EE technology or .Net stacks
• Ensure compliance with relevant standards and regulatory frameworks (e.g., OWASP, NIST), and support internal and external security audits.
• Lead and facilitate secure code reviews, providing actionable feedback and guiding remediation efforts in alignment with secure coding best practices and standards.
• Suppress, tune, and manage security tool rules and policies to maximize effectiveness and reduce false positives across SAST, DAST, SCA/OSA, and IaC solutions
• Develop and maintain scripts, automation, or integrations that support proactive security monitoring and reporting.
• Stay up-to-date with industry trends and emerging technologies in Application Security, DevSecOps, and apply this knowledge to continuously improve our processes and tools.

• Bachelor’s degree in Information Technology, Cyber Security, Computer Security, Computer Science, or related field required.
• 5+ years of experience in application or product security, cybersecurity.
• In-depth knowledge and hands-on experience with code review processes, static code analysis, manual code inspections, and secure coding practices.
• Knowledge of SAST, DAST, SCA/OSA, IaC, and container image analysis tools.
• Strong analytical and problem-solving skills, with the ability to communicate technical information to non-technical stakeholders.
• Ability to organize, plan and implement work assignments, prioritize competing demands and work under pressure of frequent and tight deadlines.

• Certifications such as CISSP, CSSLP, SANS, CDP, ECDE or CompTIA Security+.
• Experience with tools like Fortify Suite, Nmap, Nessus, Burp suite, Metasploit, Rapid7, Rapid7 InsightAppSec, Rapid7 InsightVM, Lacework, Sonatype Suite, Snyk, Nuclei.
• Excellent communication skills (written & verbal) in English a must to be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume role as a trusted topic matter expert.

Synchronoss is proud to be an equal opportunity employer. As a global company, we value and celebrate diversity and are committed to a workplace free from discrimination and harassment. We take pride in fostering an inclusive environment based on mutual respect and merit. We are at our best when our workforce is dynamic in thought, experience, skill set, race, age, gender, sexual orientation, sexual expression, national origin and beyond.