IS - Sr. Application Security Engineer (L09)
Hyderabad IN, India
Synchrony
Job Description:
Role Title: IS - Sr. Application Security Engineer (L09)
Company Overview:
Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.
We have recently been ranked #2 among India’s Best Companies to Work for by Great Place to Work. We were among the Top 50 India’s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
Synchrony celebrates ~51% women diversity, 105+ people with disabilities, and ~50 veterans and veteran family members.
We offer Flexibility and Choice for all employees and provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.
Organizational Overview:
Synchrony’s Information Security Secure Development program’s mission is to protect and enable Synchrony’s business objectives by managing information security risk to the firm, focusing on the Software Development Lifecycle to ensure applications are deployed and updated within the risk tolerance of the organization.
Role Summary/Purpose:
The Senior Application Security Dynamic Engineer will be responsible for the development and implementation of effective security controls pertaining to information systems. A significant part of this role’s focus is to ensure successful execution of Dynamic Application Security Testing (DAST) and web application security assessments on custom-coded applications, review security findings with developers, and support remediation tracking.
Key Responsibilities:
Execute DAST and web application security assessments for custom-developed internal and external-facing applications, including web applications, web services, and APIs, utilizing enterprise DAST and SCA platforms and tooling.
Partner with developers to perform False Positive Analysis, secure code review, and audit/triage of findings to ensure true positives are identified and addressed.
Validate remediation of DAST and web application security assessment findings.
Recommend course of action to remediate security vulnerabilities and threats.
Consistently enforce application security requirements as defined in applicable Standards, Procedures, and Job Aids, identifying and escalating instances of non-compliance.
Operate in an Agile development environment, understanding tools, concepts, and methodologies.
Support the collection of data and documentation in support of examinations, audits, and metrics.
Create and enhance internal documentation, e.g. job aids.
Required Skills/Knowledge:
Bachelor’s degree with 2+ years of relevant experience in Technology, or in lieu of a degree 4+ years of relevant experience in Technology.
Hands-on experience with any of the following application security assessment tools: Micro Focus WebInspect and WebInspect Enterprise, Burp Suite Professional, or other commonly used DAST enterprise tools.
Knowledge of common web application vulnerabilities and weaknesses (e.g. OWASP Top 10).
Desired Skills/Knowledge:
Excellent written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences.
1 or more years of experience with secure coding practices, software development experience, or comparable experience in the realm of Application Security.
Self-starter with ability to work with general guidance/direction.
Eligibility Criteria:
Bachelor’s degree with 2+ years of relevant experience in Technology, or in lieu of a degree 4+ years of relevant experience in Technology.
Work Timings: 06:00 AM EST – 02:00 PM EST
(This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 06:00 AM Eastern Time – 11:30 AM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.)
For Internal Applicants:
Understand the criteria or mandatory skills required for the role, before applying
Inform your manager and HRM before applying for any role on Workday
Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)
Must not be on any corrective action plan (First Formal/Final Formal, PIP)
L4 to L7 Employees who have completed 12 months in the organization and 12 months in current role and level are only eligible.
L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.
L04+ Employees can apply
Grade/Level: 09
Job Family Group:
Information Technology
Tags: Agile APIs Application security Audits Burp Suite Compliance DAST OWASP SDLC Security assessment Vulnerabilities
Perks/benefits: Career development Flex hours Health care Wellness