Sr. Application Security Engineer
Remote
At Syncro, our Vision is to transform the Managed Services industry with an intelligent software platform that enables Managed Service Providers (MSPs) to harness unparalleled automation and efficiency. We're on the lookout for collaborative individuals with diverse perspectives willing to bring their authentic selves to a culture that prioritizes the employee and customer experiences. As a remote-first software company, we are relentlessly focused on living our core values. Please take a moment to reflect on whether you resonate with our company's core values and culture. If you believe you're ready to embark on a journey of delivering incredible customer experiences as a part of the Syncro team, then dive into the job details below!
- Core Values: At Syncro we believe that companies with a strong, collaborative and inclusive culture perform better and provide a great working environment.
- Bring Your Authentic Self: Different voices, backgrounds, identities, and perspectives make us a strong and thriving workplace.
- Take Ownership & Accountability: We hold ourselves accountable, measuring progress and communicating at every step along the way.
- Operate Transparently: We operate with integrity and trust, using transparent and clear communication to hold ourselves accountable to our Partners and Team Members.
- Put Partners at the Center of Everything We Do: We care deeply about understanding our partners, and our products and services are delivered with our Partners’ best interests in mind.
- Enjoy the Ride Together: We’re people-centric, and caring for each other is an important part of harmonizing our work with our personal needs.
- Show Up to Win!: We each operate with the heart of a champion in our pursuit of excellence. We encourage innovation, operational diligence and embrace challenges as opportunities.
Benefits Quick Overview:
- Pay Range: $118k-$165k (targeting midpoint of $142k USD) - Adjustable to Canadian market ranges
- Remote first: We are the PIONEERS of “work from home” - remote work is all we have ever done and we do it well! Our team members are all over the globe working from home and striking an awesome balance in their lives.
- Equity Appreciation Program: Syncro offers an equity program that everyone participates in
- Unlimited PTO: With a 2 week annual minimum, Syncro wants you to take time when you need it.
- 401k Plan: A hassle-free plan with a 50% company match up to 4% of your annual salary.
- Health Insurance: Syncro covers 95% of the monthly premiums for you and your dependents. Plus our plans have extremely low deductibles and out of pocket costs that don't sacrifice great coverage for you or your family anywhere in the US.
- Parental Leave: Up to 6 weeks paid parental leave so you can focus on the new addition to your family
- And more!: Ask us about our other benefits like Pet Insurance, Flexible Spending Accounts, 100% employer paid Short Term Disability, and Ultra-Remote Work.
The Opportunity: As the Sr. Application Security Engineer at Syncro, you will be responsible for owning the security posture across the organization alongside the CTO and Sr. Manager of Infrastructure. You will drive application security across our infrastructure and participate in compliance activities.
You will be working 100% remotely.
What You’ll Be Doing:
- Develop and implement information security policies and procedures
- Manage application security, including secure coding practices, vulnerability management, and penetration testing
- Lead and/or collaborate on fixing identified vulnerabilities within the Syncro code base
- Conduct security audits and risk assessments
- Participate in compliance activities such as SOC 2 audit and HIPAA Compliance
- Investigate security incidents and breaches
- Train employees on information security best practices
- Implement strong IAM policies, rotate access keys, enforce MFA, and leverage IAM roles to minimize security risks
- Configure secure VPCs, security groups, and NACLs to control network traffic and protect against unauthorized access
- Implement encryption strategies for data at rest and in transit, and ensure regular backups to safeguard critical data
- Use AWS CloudTrail, CloudWatch, Config, and GuardDuty to monitor and detect potential threats
- Conduct regular security assessments, apply security patches, and maintain an effective incident response plan
Must haves:
- Strong understanding of information security principles and practices
- Experience in developing and implementing information security policies and procedures
- Hands-on experience managing application security across multiple engineering teams
- Experience managing bug bounty programs
- Experience managing vulnerability management programs and reducing vulnerabilities across the software stack
- Experience participating in compliance audits such as SOC 2, HIPAA, etc.
- Experience in investigating security incidents and breaches
- Experience with application security testing tools (SAST and DAST).
- Proficiency in using SAST and DAST tools to identify and mitigate vulnerabilities.
- Experience with at least one object-oriented programming language or framework such as Java, C#, Golang, Ruby on Rails, PHP Symfony, etc.
- A solid understanding of AWS security and best practices.
Nice to haves:
- Experience training employees on information security best practices
- A strong grasp of fundamental Kubernetes components such as pods, services, deployments, and namespaces.
- Experience in conducting security audits and risk assessments
- Experience with WAF and DDoS protection such as Cloudflare, to enhance the overall security posture of web applications.
- Managed compliance audits such as SOC 2, HIPAA, etc
- AWS Certified Security - Specialty
- AWS Certified Solutions Architect - Associate
- CISSP (Certified Information Systems Security Professional)
- Certified Kubernetes Security Specialist (CKS)
- Certified Kubernetes Administrator (CKA)
Interview Process: At Syncro we believe in transparency and providing candidates with as much information as possible so you can make an informed decision during your job search. Below are the steps of the interview process you can expect:
- Initial Zoom call with HR
- Zoom call with Hiring Manager
- Technical panel with engineers
- Zoom call with CTO
Company Details: If you’re curious about learning more about Syncro, read on and visit the links below.
Syncro is a B2B SaaS company with a highly collaborative and creative team serving the Managed Services Provider (MSP) industry. Picture an MSP as a company’s outsourced IT department - our platform empowers them with the tools and automation they need to run their businesses and supercharge their client services. Our goal is to empower our customers (we call them partners) to thrive through operational excellence. We're all about making it happen together!
To see more about our product, and what it’s like to work here at Syncro, check us out online:
- Website: www.syncromsp.com
- Glassdoor: https://www.glassdoor.com/Overview/Working-at-Syncro-EI_IE4650167.11,17.htm
- LinkedIn: https://www.linkedin.com/company/syncromsp/mycompany/
- Life at Syncro Instagram: https://www.instagram.com/lifeatsyncro/
Syncro is an equal opportunity employer. We are committed to creating an inclusive environment where all employees can thrive and do their best work, free from discrimination and harassment.