Synechron

Principal Consultant - Cybersecurity & Agentic AI

$130K — $140K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in software engineering, offensive and defensive security at principal level
  • Advanced knowledge in programming languages (Java, C#, C++, Python, more)
  • Expertise in various vulnerability classes and hands-on exploitation experience
  • Extensive experience in penetration testing, red teaming, and secure code review
  • Proficient in application security testing tools and enterprise vulnerability management
  • Fluent in agentic AI coding tools and frameworks
  • Strong understanding of CI/CD and cloud-native deployment patterns

Responsibilities

  • Architect and operationalize AI patching pipelines for vulnerability detection and remediation
  • Utilize AI models to identify vulnerabilities and create proofs-of-concept
  • Develop reusable AI tooling for vulnerability discovery and remediation
  • Design processes to manage and streamline false positives in vulnerability reporting
  • Conduct penetration testing to validate security controls and remediations
  • Extend remediation coverage across various vulnerability types
  • Implement agentic remediation within enterprise CI/CD pipelines

Benefits

  • Flexible hybrid work policy
  • 15 days of paid annual leave plus 10 additional personal days
  • Comprehensive insurance plan including medical and dental coverage
  • RRSP with employer contribution up to 4%
  • Access to unlimited educational resources via Udemy for Business
  • Opportunities for coaching from experienced professionals
  • Engagement in innovative projects with leading banks and financial institutions
  • A diverse and inclusive global work environment

Full Job Description

Our challenge

As "Principal Consultant, Agentic AI Cybersecurity Engineer", the candidate will work hands-on alongside our cybersecurity engineering and application security teams to build, operate, and advance the agentic AI systems that find, exploit, and remediate vulnerabilities end-to-end across our application and infrastructure estate. Operating at a principal engineer level, the candidate will personally direct frontier AI models to discover vulnerabilities in production code, develop proof-of-concept exploits, generate and validate fixes, and integrate them into CI/CD pipelines with safe human-in-the-loop controls. The candidate will also build reusable AI skills, prompts, and tooling that make agentic vulnerability management efficient and scalable across the estate. The candidate will bring deep dual expertise across offensive and defensive security, penetration testing, and software engineering, and apply that fluency to push the boundaries of what is possible with agentic AI in a regulated enterprise environment.

Additional Information*

The base salary for this position will vary based on geography and other factors. In accordance with law, the base salary for this role if filled within Toronto, ON is CAD $130k - CAD $140k/year & benefits (see below).

The Role

Responsibilities:
  • Architect and operationalize the end-to-end agentic AI patching pipeline spanning detection, fix generation, automated testing, and release across SAST, DAST, SCA, IAST, container, and server vulnerabilities.
  • Use frontier AI models to discover novel vulnerabilities in production application and infrastructure code, develop proof-of-concept exploits, and validate that AI-generated fixes close the underlying root cause.
  • Build and maintain the library of reusable AI skills, prompts, evaluation harness, and tooling that power agentic vulnerability discovery, triage, remediation, false positive analysis, and exemption workflows at scale.
  • Design and operationalize AI-driven false positive analysis and exemption processes to reduce manual triage burden and surface only actionable findings to development teams.
  • Conduct hands-on penetration testing and red team exercises against critical applications and infrastructure to validate defensive controls and agent-generated remediations.
  • Extend agentic remediation coverage across SAST, SCA, DAST, IAST, container, and server vulnerabilities, including the data and tooling needed to connect findings back to source.
  • Design agent prompting, guardrails, evaluation frameworks, and appropriate human-in-the-loop controls to ensure safe autonomous code changes, testing, and deployment.
  • Drive integration of agentic remediation into enterprise CI/CD pipelines (GitHub, Jenkins, etc.) across the deployment landscape.
  • Communicate technical design, risk trade-offs, and delivery progress clearly to senior stakeholders including CIO, CISO, 2LOD, and Audit functions.


Requirements:
  • 10+ years hands-on experience across software engineering, offensive security, and defensive security at a principal engineer level, with demonstrated personal contributions to production codebases and published vulnerability research or penetration testing engagements.
  • Advanced technical proficiency in multiple programming languages (Java, C#, C, C++, Python, JavaScript/TypeScript, .NET, Go) with proven ability to personally write, review, and remediate production code.
  • Deep fluency in vulnerability classes including memory safety, injection, authentication and authorization flaws, cryptographic misuse, deserialization, race conditions, and supply chain attacks, with hands-on experience finding and exploiting each.
  • Extensive hands-on experience with penetration testing, red teaming, exploit development, reverse engineering, and secure code review against OWASP Top 10 and SANS 25, combined with defensive engineering experience building detection and remediation capabilities.
  • Extensive hands-on experience with application security testing tools (SAST, DAST, IAST, SCA), including tuning, false positive analysis, exemption workflow design, and enterprise vulnerability management at scale.
  • Deep technical fluency with agentic AI coding tools and frameworks (Claude, Devin, Copilot, Windsurf, Cursor, MCP), including prompt engineering, agent orchestration, reusable skill and tool design, guardrail design, and evaluation.
  • Strong architectural knowledge of modern CI/CD, container platforms (Docker, Kubernetes), cloud-native deployment patterns, and integration of security automation into developer workflows.


Preferred, but not required:
  • Relevant security certifications (OSCP, OSCE, OSEP, GXPN, GWAPT, CISSP, or equivalent).
  • Experience in financial services or highly regulated industries with exposure to SOX, SOC1, and regulatory audit.
  • Public evidence of offensive capability: published CVEs, bug bounty track record, conference talks (DEFCON, Black Hat, OffensiveCon, Recon), CTF placements, or open-source security tooling contributions.
  • Hands-on experience with enterprise vulnerability tooling (Tenable, Aqua, Snyk, BrightSec) and remediation at scale.
  • Demonstrated ability to advise senior technology leaders and deliver within complex, multi-stakeholder enterprise environments.


We offer:
  • A multinational organization with 60 offices in 20 countries and the possibility to work abroad.
  • 15 days (3 weeks) of paid annual leave plus an additional 10 days of personal leave (floating days and sick days).
  • A comprehensive insurance plan including medical, dental, vision, life insurance, and long-term disability.
  • Flexible hybrid policy.
  • RRSP with employer's contribution up to 4%.
  • A higher education certification policy.
  • On-demand Udemy for Business for all Synechron employees with free access to more than 5000 curated courses.
  • Coaching opportunities with experienced colleagues from our Financial Innovation Labs (FinLabs) and Centers of Excellence (CoE) groups.
  • Cutting edge projects at the world's leading tier-one banks, financial institutions and insurance firms.
  • A truly diverse, fun-loving and global work culture.

About Synechron

Synechron is a digital consulting firm that provides technology solutions to financial services companies. The company's services include digital, business consulting, technology, and data analytics. Synechron serves customers in the banking, capital markets, insurance, and asset management industries. The company has offices in North America, Europe, Asia, and the Middle East.

Size: 10,000 employees
Founded: 2001