Job description
Snapshot:
The Cyber Security / Application Security Engineer will play a critical role in code security and secure software development life cycle. It will encompass a broad range of information security controls to ensure the confidentiality, integrity, and availability of enterprise data stored on a variety of vendor database solutions. The job is composed of tactical, operational and strategic functions and responsibilities. How you will help::
Synchronoss Technologies (Nasdaq: SNCR) builds software that empowers companies around the world to connect with their subscribers in trusted and meaningful ways. The company’s collection of products helps streamline networks, simplify onboarding, and engage subscribers to unleash new revenue streams, reduce costs and increase speed to market. Hundreds of millions of subscribers trust Synchronoss products to stay in sync with the people, services, and content they love. That’s why more than 1,500 talented Synchronoss employees worldwide strive each day to reimagine a world in sync
The Cyber Security / Application Security Engineer will play a critical role in code security and secure software development life cycle. It will encompass a broad range of information security controls to ensure the confidentiality, integrity, and availability of enterprise data stored on a variety of vendor database solutions. The job is composed of tactical, operational and strategic functions and responsibilities.
- Conduct static and dynamic analysis on a variety of code bases and platforms.
- Through standard enterprise tools, discover security vulnerabilities in web and mobile applications and provide recommended remediation steps to developers.
- Recommend industry best practices for vulnerability and threat management remediation.
- Document findings for management and technical staff and recommend mitigating actions.
- Work with internal customers to determine their need for security assessments, present and explain the employed methodology, and support them with feedback and verification during mitigation.
- Develop training on secure coding techniques and security awareness for technical staff (e.g., software developers).
- Bachelor’s Degree in Information Technology, Cyber Security, Computer Security, Computer Science or related field required.
- Awareness of web and mobile application develeopment.
- Knowledge of the J2EE technology stack
- Knowlegde of the .Net stack a plus
- 5+ years experience in application or product security.
- Familiarity with SAST, DAST, OSA and Container image analysis tools
- Ability to maintain composure in a dynamic environment.
- Individual must be proactive, self-motivated, detail-oriented, creative, inquisitive and persistent.
- Strong leadership skills, including ability to execute and prioritize a number of tasks simultaneously.
- Ability to organize, plan and implement work assignments, prioritize competing demands and work under pressure of frequent and tight deadlines.
- Experience in conducting and facilitating discussions with employees across all levels & departments.
- Practical development experience in web or mobile application development
- Excellent up-to-date technical and hands-on knowledge and experience in current applicaiton attack methods, penetration testing methods, and security testing tools, specifically for web and mobile applications.
- Tools: Fortify Suite, NMap, Nessus, Burp suite, Metasploit, Rapid7 AppSpider, Rapid7 InsightAppSec, Rapid7 InsightVM, Aqua
- Knowlage of common vulnerabilities and how to find and verify them: authentication (e.g., secure transmission, weak login mechanisms, backend authentication, weak SSL configuration), authorization (e.g., session handling, replay, fixation), client-side attacks (e.g., XSS, CSRF), information disclosure (e.g., error handling, debug information), code injection (e.g., SQL, OS commands, buffer overflow, format strings), logic attacks (e.g., lockout, flooding, insufficient anti-automation, spoofing), review of secure configuration of OS and network devices
- Experience inthe J2EE technology or .Net stacks
- Knowledge of Cyber Security Threat & Risk Assessments, Secure Coding, conducting workshops on Cyber Security topics, and Secure Development Lifecycle is a plus
- Excellent communication skills (written & verbal) in English a must to be able to present complex technical topics in a clear and structured way, ability to moderate discussions, meetings, and projects. Being able to assume role as a trusted topic matter expert.
Synchronoss Technologies (Nasdaq: SNCR) builds software that empowers companies around the world to connect with their subscribers in trusted and meaningful ways. The company’s collection of products helps streamline networks, simplify onboarding, and engage subscribers to unleash new revenue streams, reduce costs and increase speed to market. Hundreds of millions of subscribers trust Synchronoss products to stay in sync with the people, services, and content they love. That’s why more than 1,500 talented Synchronoss employees worldwide strive each day to reimagine a world in sync.
seankuhnke.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, seankuhnke.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, seankuhnke.com is the ideal place to find your next job.