We know the TMT space. Our platforms, products, people, and partners help Telecommunications, Media, and Technology companies shift their digital business into high gear. We are helping companies create digital customer journeys that reduce cost, improve consumer satisfaction, and create new revenue.
Our Security team seeks a high-energy, motivated individual who combines solid technical credentials with a high degree of business insight for the position of Security Architect within the Security team.
You will collaborate with technology peers and business partners to embed security functions and features into all product development pipelines.
How you will help:
- Contribute to the development and deployment of a Product Security strategy for Synchronoss products to support business and customer needs.
- Lead to the development and implementation of threat modeling exercises with product teams.
- Partner with software engineers and development teams on building information security requirements and specifications into Synchronoss products.
- Facilitate compliance with product security policies, practices and legal requirements
- Review internally developed code for advanced security issues as part of an Agile Development process and educate Product Development teams on secure coding best practices.
- Develop and leverage automation and analytics capabilities to improve our cyber threat detection and prevention capabilities.
- Assist with product penetration testing and interact with penetration testers and other external vendors to validate security controls.
- Develop and maintain internal libraries that provide common implementations of critical security controls.
- Research and evaluate new Product Security technologies for internal consumption
Who we have in mind:
- 5 to 8 plus years of extensive software development experience:
- Fully competent in most of the programming languages, software engineering methodologies, and software development tools our team uses:
- Java, Python, jUnit, SQL, Elasticsearch
- Angular2, Node.js, HTML5, JSON
- AWS, UNIX/Shell, Bamboo, Jenkins, Maven, Gradle
- Extensive experience of application/product security experience in a large enterprise.
- Demonstrated and hands-on experience in the following areas:
- Source code auditing, threat modeling, product assessments, vulnerability research, and reverse engineering
- Strong understanding of the software development lifecycle (SDLC).
- Strong experience in conducting static analysis (SAST), dynamic analysis (DAST), security technical implementation guide (STIG), and fuzz testing (FUZZY) and vulnerability scans
- Experience with various security tools and products (Fortify SCA, Fortify WebInspect, Burp Suite, Checkmarx, Nessus, IBM AppScan, etc.)
- Experience with common security scoring systems – CVSS v3 and CWSS, and secure coding standards/best practices
- Experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
- Excellent verbal and written communication skills.
- One or more of the following security certifications preferred: Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), GIAC Mobile Device Security Analyst (GMOB), Offensive Security Certified Professional (OSCP), or similar security certification(s).
- BS in Computer Science preferred