General Description and Responsibilities
Title: Senior Software Security Architect
The Enterprise Architecture team seeks a high-energy, motivated individual who combines solid technical credentials with a high degree of business insight for the position of Senior Software Security Architect. You will collaborate with technology peers and business partners to embed security functions and features into all product development pipelines.
What you'll do:
* Contribute to the development and deployment of a Product Security strategy for Synchronoss products to support business and customer needs.
* Partner with software engineers and development teams on building information security requirements and specifications into Synchronoss products.
* Facilitate compliance with product security policies, practices and legal requirements.
* Review internally developed code for advanced security issues as part of an Agile Development process and educate Product Development teams on secure coding best practices.
* Develop and leverage automation and analytics capabilities to improve our cyber threat detection and prevention capabilities.
* Contribute to the development and implementation of threat modeling exercises with product teams.
* Assist with product penetration testing and interact with penetration testers and other external vendors to validate security controls.
* Develop and maintain internal libraries that provide common implementations of critical security controls.
* Research and evaluate new Product Security technologies for internal consumption.
What you have:
* 10 to 15 plus years of extensive software development experience:
* Fully competent in most of the programming languages, software engineering methodologies, and software development tools our team uses:
  * Java, Python, jUnit, SQL, Elasticsearch
  * Angular2, Node.js, HTML5, JSON
  * AWS, UNIX/Shell, Bamboo, Jenkins, Maven, Gradle
* Extensive application/product security experience in a large enterprise.
* Demonstrated and hands-on experience in the following areas:
* Source code auditing, penetration testing, product assessments, vulnerability research, and reverse engineering
* Strong understanding of the software development lifecycle (SDLC).
* Strong experience in conducting static analysis (SAST), dynamic analysis (DAST), security technical implementation guide (STIG), fuzz testing (FUZZY), and vulnerability scans.
* Experience with various security tools and products (Fortify SCA, Fortify WebInspect, Burp Suite, Checkmarx, Nessus, IBM AppScan, etc.)
* Experience with common security scoring systems - CVSS v3 and CWSS, and secure coding standards/best practices
* Experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
* Excellent verbal and written communication skills.
* One or more of the following security certifications preferred: Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), GIAC Mobile Device Security Analyst (GMOB), Offensive Security Certified Professional (OSCP), or similar security certification(s).
* BS in Computer Science preferred.
About Synchronoss Technologies
Synchronoss provides personal cloud solutions and software-based activation for connected devices across the globe.