AVP, Cloud Penetration Tester

Company: Disability Solutions
Location: New York
Posted on: February 1, 2025

Job Description:

Job Description:Role Summary/Purpose:Perform cloud application and network cybersecurity assessments on Synchrony's application and network environment to identify cyber security gaps or improvement opportunities. Develop policies, standards, and procedures to maintain/improve area of responsibility. This role will also be responsible for tracking identified risks and monitoring remediation status to closure.--We're proud to offer you choice and flexibility. You have the option to be remote, and work from home, or come into one of our offices. You may be occasionally requested to commute to our nearest office for in person engagement activities such as team meetings, training and culture events.Essential Responsibilities:The Attack and Penetration Testing Team coordinates across all elements of the IT organization at all levels, including senior executives. This role requires experience in penetration testing principles, tools, and techniques.--- Responsibilities include:-------

• Lead and execute application security penetration tests; defining scope, coordinating attacks, executing tests and reporting findings, following an established methodology in accordance with defined processes.--
• Perform penetration testing on cloud environments (e.g., AWS, Azure, GCP) to identify vulnerabilities in configurations, permissions, and architecture. Conduct penetration testing on enterprise containerized environments, including orchestration platforms such as Kubernetes, Docker Swarm, and cloud-native architectures, to uncover vulnerabilities and provide actionable remediation strategies.
• Research, develop, implement, test and document tools, techniques and tactics used by adversaries to compromise and maintain control of information assets.--
• Analyze impact of zero-day threats to determine real vs. theoretical risk impact to Synchrony's data.--
• Partner with and build strong working relationships with IS, IT and business functions to develop an assessment program that meets regulatory, compliance and business needs.--
• Support Application Security Management leadership to coordinate SYF Attack and Penetration testing activities.--
• Support metrics capabilities that convey performance of SYF Application Security program and risk to SYF.----
• Document findings and create detailed reports for constituents both in written and verbal formats.--
• Actively mentor developers on secure coding practices
• Perform other duties and/or special projects as assigned.Qualifications/Requirements:
  • Bachelor's degree and a minimum 5 years of work experience in IT or in lieu of a degree, a High School Diploma/GED and minimum 9 years work experience--
  • Minimum of 3 years of experience conducting or reviewing application security assessments for common vulnerabilities (OWASP top 10)--
  • Minimum 2 years of experience of performing cloud penetration testing engagements in an enterprise environment.--
  • Cloud specific certifications such as GCPN, CCSP or equivalentDesired Characteristics:
    • Industry certifications such as CISSP, OSCP, OSWE, GPEN are a plus.--
    • Financial services industry experience.-----
    • Hands-on experience with Open Source and commercial tools such as Burp Suite Pro, Caido, Nuclei, Pacu, Postman
    • Experience testing Public Cloud applications and serverless functions such as Lambda, Azure Function, Google Cloud Functions.
    • Experience testing containerized platforms.
    • In-depth experience testing APIs.
    • Knowledgeable in scripting (Powershell, Bash, Python, etc) and automation--
    • Extreme resourcefulness with willingness to learn and teach how to characterize adversary tools and techniques, assess and test Company resources, and improve Company defenses.--
    • Very strong analytical capabilities, with problem-solving skills and a common-sense approach to solving problems.--
    • Awareness of the latest cybersecurity trends and developments.--
    • A team-focused mentality with proven experience to work effectively with diverse stakeholders----
    • Demonstrated experience communicating complex and technical issues to diverse audiences, verbally and in writing, in an easily-understood, and actionable manner--Grade/Level: 11------------------------ ------------------------------------------------------ ---------------------------------------------------------------------------------- The salary range for this position is 110,000.00 - 185,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.--------------------------------------------------------------Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.Salaries are adjusted according to market in CA, NY Metro and Seattle.Eligibility Requirements:
      • You must be 18 years or older
      • You must have a high school diploma or equivalent
      • You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process
      • You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
      • New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles.-- Once this new hire time in position requirement is met, the associate will have a minimum 6 months' time in position before they can post for future non-exempt roles.-- Employees, level 8 or greater, must have at least 18 months' time in position before they can post.-- All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don't meet the time in position or performance expectations).Legal authorization to work in the U.S. is required.-- We will not sponsor individuals for employment visas, now or in the future, for this job opening.--All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.--Our Commitment:When you join us, you'll be part of a diverse, inclusive culture where your skills, experience, and voice are not only heard-but valued. We celebrate the differences in all of us and believe that our individual, unique perspectives is what makes Synchrony truly a great place to work. Together, we're building a future where we can all belong, connect and turn ideals into action. Through the power of our 8--, with more than 60% of our workforce engaged, you'll find community to connect with an opportunity to go beyond your passions.This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status.Reasonable Accommodation Notice:
        • Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
        • If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627.---- Representatives are available from 8am - 5pm Monday to Friday, Central Standard TimeJob Family Group:Information Technology

Keywords: Disability Solutions, East Orange , AVP, Cloud Penetration Tester, IT / Software / Systems , New York, New Jersey