AVP, Information Security DevOps Engineer - Synchrony
Stamford, CT
About the Job
Job Description:
Role Summary/Purpose:
The AVP, Information Security DevOps Engineer is part of the Synchrony Information Security Cryptography Team, serving as a Cryptography, Information Security, and Secrets Management subject matter expert responsible for advancing Cryptography and Secrets Management multi-cloud platforms,, services, systems, and best practices at Synchrony. The candidate would have an engineering position focused on delivering critical/key enterprise data protection controls, efficient supporting processes, & comprehensive automation capabilities to protect & enable Synchrony's Information Security Engineering strategy at scale. The candidate is expected to have a strong understanding of Cryptography/Secrets Management automation, controls, lifecycle management, operations, and security.
The AVP, Information Security DevOps Engineer will serve as a key role in safeguarding the organization systems, networks, and data. The position is responsible for designing and building Information Security capabilities, management of these capabilities, and the supporting technology. In addition, this role will be responsible for acting as a trusted advisor for peers and other stakeholders within the organization.
We're proud to offer you choice and flexibility. You have the option to be remote, and work from home, or come into one of our offices. You may be occasionally requested to commute to our nearest office for in person engagement activities such as team meetings, training and culture events.
Essential Responsibilities:
+ Adopting and promoting engineering excellence by identifying efficiencies and synergies through means of automation, collaboration, and orchestration
+ Collaborates with architecture to identify capability gaps, develop requirements, identify solutions to address, assist with proof of concepts and testing of solutions
+ Implementation and technical lead responsibilities that include ongoing engineering/DevSecOps support for a global cryptography program which leverages a portfolio of data protection capabilities
+ Managing technology from ground up and understanding gaps within the tech stack, including overlap with other technology and/or coverage, capability gaps
+ Maintaining technology from a business as usual (BAU) aspect by ensuring the proper change management, incident management, disaster recover processes are occurring and current
+ Participate as one of several technical leads on team of information security engineers
+ Participate in authoring, editing, providing, or reviewing documentation (procedures, standards) to ensure a well-managed and mature security infrastructure
+ Partners with peers within the organization to effectively prioritize work by using agile processes and ensuring risks, impediments, and asks are brought to leadership in a timely fashion
+ Plays a hands-on role in the engineering and implementation of security measures that protect the computer systems, networks, and information
+ Plays a key role in designing and building solutions which safeguard the organizations platforms and systems
+ Proactively identifies problems and clearly articulates solutions and recommendations
+ Provide day-to-day administration and support for infrastructure related to API, application security, firewalls, encryption, intrusion detection systems, PKI, secrets management, vulnerability scanning, security monitoring tools, penetration testing, authentication, web filtering, identity management, or access control systems, and their associated logs and processes
+ Providing engineering/operations support for technology and processes, ensuring superior customer service is being met, and identifying process improvements
+ Serving as a mentor or a subject-matter expert (SME) to other InfoSec team members and/or stakeholders throughout the organization
+ Serving as a SAFe Product Owner for cryptographic technologies, accountable for defining/leading/maintaining the team backlog and product roadmap
+ Supporting a 'you build it you own it' model - meaning the technology built by engineering is also supported from a wing-to-wing operations aspect
+ Works closely with Information Security program manager, scrum master, and architects to convey technical impacts to development/engineering timeline and risks
+ Work independently in identifying opportunities to improve engineering or other performance for Information Security/Technology & other functions across Synchrony
+ Work with Information Security/Technology engineers and API developers to drive program delivery
+ Perform other duties and/or special projects as assigned
Qualifications/Requirements:
+ Bachelor's degree with a minimum of 5 years of Information Technology experience, or in lieu of degree, a High School Diploma/GED with a minimum of 8 years of experience in Information Technology.
+ Minimum of 4+ years of experience in Information Security.
+ Certifications in audit, big data, cloud, cybersecurity, governance, information security, privacy, risk preferred; AWS, Cloudera, GCP, GIAC, ISC2, ISACA is preferred.
+ Proficient hands-on technical/working expertise with API development, API security, AWS, Azure, CI/CD pipelines, Cloudbees/Jenkins, Cloudera, containers, cryptography methodologies, databases, Git/Github, Go, HashiCorp Vault, Java, Linux, Perl, PKI, Python, secrets management, Terraform, tokenization
+ Excellent oral communication and writing skills. Adept and presenting complex topics, influencing and executing with timely / actionable follow-through
Desired Characteristics:
+ Ability to work under pressure and sustain productivity with multiple simultaneous projects across cross-functional engineering and operational information security teams
+ Creativity and individual thinking, the ability to work both independently & with teams
+ Cyber Security experience, especially around designing, building, managing solutions
+ DevOps and/or Engineering background
+ Engineering and/or architecture experience
+ Experience in modern coding languages such as Python
+ Experience with Agile, Scaled Agile (SAFe), Scrum
+ Good teamwork, oral and written communication
+ Good understanding of security landscape as a whole
+ Familiarity with problem and incident management, change management, notifications, and basic operational understanding of running and maintaining infrastructure
+ Strong and efficient problem-solving and analytical skills, willingness to learn
+ Understanding of information security practices and policies, including risks and threats
+ Understanding of various public cloud deployment/platform/service models from a development, infrastructure, and information security aspect
Grade/Level: 10
The salary range for this position is 75,000.00 - 130,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.
Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.
Salaries are adjusted according to market in CA, NY Metro and Seattle.
Eligibility Requirements:
+ You must be 18 years or older
+ You must have a high school diploma or equivalent
+ You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process
+ You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
+ New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months' time in position before they can post for future non-exempt roles. Employees, level 8 or greater, must have at least 18 months' time in position before they can post. All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don't meet the time in position or performance expectations).
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Our Commitment:
When you join us, you'll be part of a diverse, inclusive culture where your skills, experience, and voice are not only heard-but valued. We celebrate the differences in all of us and believe that our individual, unique perspectives is what makes Synchrony truly a great place to work. Together, we're building a future where we can all belong, connect and turn ideals into action. Through the power of our 8 Diversity Networks+ (https://www.synchronycareers.com/our-culture/#diversity) , with more than 60% of our workforce engaged, you'll find community to connect with an opportunity to go beyond your passions.
This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status.
Reasonable Accommodation Notice:
+ Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
+ If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627. Representatives are available from 8am - 5pm Monday to Friday, Central Standard Time
Job Family Group:
Information Technology
Role Summary/Purpose:
The AVP, Information Security DevOps Engineer is part of the Synchrony Information Security Cryptography Team, serving as a Cryptography, Information Security, and Secrets Management subject matter expert responsible for advancing Cryptography and Secrets Management multi-cloud platforms,, services, systems, and best practices at Synchrony. The candidate would have an engineering position focused on delivering critical/key enterprise data protection controls, efficient supporting processes, & comprehensive automation capabilities to protect & enable Synchrony's Information Security Engineering strategy at scale. The candidate is expected to have a strong understanding of Cryptography/Secrets Management automation, controls, lifecycle management, operations, and security.
The AVP, Information Security DevOps Engineer will serve as a key role in safeguarding the organization systems, networks, and data. The position is responsible for designing and building Information Security capabilities, management of these capabilities, and the supporting technology. In addition, this role will be responsible for acting as a trusted advisor for peers and other stakeholders within the organization.
We're proud to offer you choice and flexibility. You have the option to be remote, and work from home, or come into one of our offices. You may be occasionally requested to commute to our nearest office for in person engagement activities such as team meetings, training and culture events.
Essential Responsibilities:
+ Adopting and promoting engineering excellence by identifying efficiencies and synergies through means of automation, collaboration, and orchestration
+ Collaborates with architecture to identify capability gaps, develop requirements, identify solutions to address, assist with proof of concepts and testing of solutions
+ Implementation and technical lead responsibilities that include ongoing engineering/DevSecOps support for a global cryptography program which leverages a portfolio of data protection capabilities
+ Managing technology from ground up and understanding gaps within the tech stack, including overlap with other technology and/or coverage, capability gaps
+ Maintaining technology from a business as usual (BAU) aspect by ensuring the proper change management, incident management, disaster recover processes are occurring and current
+ Participate as one of several technical leads on team of information security engineers
+ Participate in authoring, editing, providing, or reviewing documentation (procedures, standards) to ensure a well-managed and mature security infrastructure
+ Partners with peers within the organization to effectively prioritize work by using agile processes and ensuring risks, impediments, and asks are brought to leadership in a timely fashion
+ Plays a hands-on role in the engineering and implementation of security measures that protect the computer systems, networks, and information
+ Plays a key role in designing and building solutions which safeguard the organizations platforms and systems
+ Proactively identifies problems and clearly articulates solutions and recommendations
+ Provide day-to-day administration and support for infrastructure related to API, application security, firewalls, encryption, intrusion detection systems, PKI, secrets management, vulnerability scanning, security monitoring tools, penetration testing, authentication, web filtering, identity management, or access control systems, and their associated logs and processes
+ Providing engineering/operations support for technology and processes, ensuring superior customer service is being met, and identifying process improvements
+ Serving as a mentor or a subject-matter expert (SME) to other InfoSec team members and/or stakeholders throughout the organization
+ Serving as a SAFe Product Owner for cryptographic technologies, accountable for defining/leading/maintaining the team backlog and product roadmap
+ Supporting a 'you build it you own it' model - meaning the technology built by engineering is also supported from a wing-to-wing operations aspect
+ Works closely with Information Security program manager, scrum master, and architects to convey technical impacts to development/engineering timeline and risks
+ Work independently in identifying opportunities to improve engineering or other performance for Information Security/Technology & other functions across Synchrony
+ Work with Information Security/Technology engineers and API developers to drive program delivery
+ Perform other duties and/or special projects as assigned
Qualifications/Requirements:
+ Bachelor's degree with a minimum of 5 years of Information Technology experience, or in lieu of degree, a High School Diploma/GED with a minimum of 8 years of experience in Information Technology.
+ Minimum of 4+ years of experience in Information Security.
+ Certifications in audit, big data, cloud, cybersecurity, governance, information security, privacy, risk preferred; AWS, Cloudera, GCP, GIAC, ISC2, ISACA is preferred.
+ Proficient hands-on technical/working expertise with API development, API security, AWS, Azure, CI/CD pipelines, Cloudbees/Jenkins, Cloudera, containers, cryptography methodologies, databases, Git/Github, Go, HashiCorp Vault, Java, Linux, Perl, PKI, Python, secrets management, Terraform, tokenization
+ Excellent oral communication and writing skills. Adept and presenting complex topics, influencing and executing with timely / actionable follow-through
Desired Characteristics:
+ Ability to work under pressure and sustain productivity with multiple simultaneous projects across cross-functional engineering and operational information security teams
+ Creativity and individual thinking, the ability to work both independently & with teams
+ Cyber Security experience, especially around designing, building, managing solutions
+ DevOps and/or Engineering background
+ Engineering and/or architecture experience
+ Experience in modern coding languages such as Python
+ Experience with Agile, Scaled Agile (SAFe), Scrum
+ Good teamwork, oral and written communication
+ Good understanding of security landscape as a whole
+ Familiarity with problem and incident management, change management, notifications, and basic operational understanding of running and maintaining infrastructure
+ Strong and efficient problem-solving and analytical skills, willingness to learn
+ Understanding of information security practices and policies, including risks and threats
+ Understanding of various public cloud deployment/platform/service models from a development, infrastructure, and information security aspect
Grade/Level: 10
The salary range for this position is 75,000.00 - 130,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.
Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.
Salaries are adjusted according to market in CA, NY Metro and Seattle.
Eligibility Requirements:
+ You must be 18 years or older
+ You must have a high school diploma or equivalent
+ You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process
+ You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
+ New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months' time in position before they can post for future non-exempt roles. Employees, level 8 or greater, must have at least 18 months' time in position before they can post. All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don't meet the time in position or performance expectations).
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Our Commitment:
When you join us, you'll be part of a diverse, inclusive culture where your skills, experience, and voice are not only heard-but valued. We celebrate the differences in all of us and believe that our individual, unique perspectives is what makes Synchrony truly a great place to work. Together, we're building a future where we can all belong, connect and turn ideals into action. Through the power of our 8 Diversity Networks+ (https://www.synchronycareers.com/our-culture/#diversity) , with more than 60% of our workforce engaged, you'll find community to connect with an opportunity to go beyond your passions.
This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status.
Reasonable Accommodation Notice:
+ Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
+ If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627. Representatives are available from 8am - 5pm Monday to Friday, Central Standard Time
Job Family Group:
Information Technology
Source : Synchrony