Job Description

:Role Title: Senior Application Security Engineer (L09)Company Overview: Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industrys most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.We have recently been ranked #2 among Indias Best Companies to Work for 2024, #21 under LinkedIn Top Companies in India list, and received Top 25 BFSI recognition from Great Place To Work India. We have been ranked Top 5 among Indias Best Workplaces in Diversity, Equity, and Inclusion, and Top 10 among Indias Best Workplaces for Women in 2022.We offer 100% Work from Home flexibility for all our Functional employees and provide some of the best-in-class Employee Benefits and Programs catering to work-life balance and overall well-being. In addition to this, we also have Regional Engagement Hubs across India and a co-working space in Bangalore.Organizational Overview:Synchronys Information Security Secure Development programs mission is to protect and enable Synchronys business objectives by managing information security risk to the firm, focusing on the Software Development Lifecycle to ensure applications are deployed and updated within the risk tolerance of the organization.Role Summary/Purpose:The Senior Application Security Engineer will be responsible for the development and implementation of effective security controls pertaining to information systems. A significant part of this roles focus is to ensure successful execution of Dynamic Application Security Testing (DAST) and web application security assessments on custom-coded applications, review security findings with application teams, and support remediation tracking.Key Responsibilities:Execute DAST and web application security assessments for custom-developed internal and external-facing applications including web applications, web services, and APIs, utilizing enterprise DAST platforms and tooling.Partner with developers to perform False Positive Analysis, secure code review, and audit/triage of findings to ensure true positives are identified and addressed. Validate remediation of assessment findings.Configure, analyze, and troubleshoot DAST scans, scanner traffic/logs, and ensure high fidelity results for successful execution of DAST scans.Consistently enforce application security requirements as defined in applicable Standards, Procedures, and Job Aids (e.g. Annual assessments), identifying and escalating instances of non-compliance.Operate in an Agile development environment, understanding tools, concepts, and methodologies.Support the collection of data and documentation in support of examinations, audits, and metrics.Create and enhance internal documentation, e.g. job aids.Required Skills/Knowledge:Bachelors degree with 2 to 4 years of IT Experience or in lieu of a degree 4 to 6 years of IT experienceHands-on experience with any of the following application security assessments tools: Micro Focus WebInspect, Micro Focus Software Security Center (SSC), Burp Suite, or other commonly used DAST and web app assessment enterprise tools.Knowledge of common web application vulnerabilities and weaknesses (e.g. OWASP Top 10).Desired Skills/Knowledge:Excellent written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences.1 or more years of experience with secure coding practices, software development experience, or comparable experience in the realm of Application Security.Self-starter with ability to work with general guidance/direction.Eligibility Criteria:Bachelors degree with 2 to 4 years of IT Experience or in lieu of a degree 4 to 6 years of IT experienceWork Timings: 06:00 AM EST xe2x80x93 02:00 PM ESTFor Internal Applicants:Understand the criteria or mandatory skills required for the role, before applyingInform your manager and HRM before applying for any role on WorkdayEnsure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)Must not be any corrective action plan (First Formal/Final Formal, PIP)L4 to L7 Employees who have completed 12 months in the organization and 12 months in current role and level are only eligibleL8+Employees who have completed 18 months in the organization and 12 months in current role and level are only eligibleL04+ Employees can applyGrade / Level : 9Job Family Group: Information Technology

Synchrony