i
Synchrony
Proud winner of ABECA 2024 - AmbitionBox Employee Choice Awards
1-8 years
Hyderabad / Secunderabad
1 vacancy
AVP, Cloud Cryptography Engineer (L10)
Synchrony
posted 2d ago
Flexible timing
Key skills for the job
Job Description:
Role Title: AVP, Cloud Cryptography Engineer (L10)
Company Overview :
Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.
We have recently been ranked #2 among India s Best Companies to Work for by Great Place to Work. We were among the Top 50 India s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by AmbitionBox Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.
Synchrony celebrates ~51% women diversity, 105+ people with disabilities, and ~50 veterans and veteran family members.
We offer Flexibility and Choice for all employees and provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.
We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.
Organizational Overview:
The AVP, Cloud Cryptography Engineer is part of the Synchrony Information Security Cryptography Team, serving as a Cloud Security, Cryptography, Information Security, and Key/Secrets Management subject matter expert responsible for advancing Cryptography, Key/Secrets Management multi-cloud platforms, services, systems, and best practices at Synchrony. The candidate would have an engineering position focused on delivering critical/key enterprise data protection controls, efficient supporting processes, & comprehensive automation capabilities to protect & enable Synchrony s Information Security Engineering strategy at scale. The candidate is expected to have a strong understanding of Cloud Security, Cryptography, DevSecOps, Key/Secrets Management automation, controls, lifecycle management, operations, and security.
Role Summary/Purpose:
The AVP, Cloud Cryptography Engineer will serve as a key role in safeguarding the organization multi-cloud systems, networks, and data. The position is responsible for designing and/or building multi-cloud Information Security capabilities, management of these capabilities, and the supporting technology. In addition, this role will be responsible for acting as a trusted advisor for peers and other stakeholders within the organization.
Essential/Key Responsibilities:
Adopting and promoting engineering excellence by identifying efficiencies and synergies through means of automation, collaboration, and orchestration
Collaborates with architecture to identify capability gaps, develop requirements, identify solutions to address, assist with proof of concepts and testing of solutions
Implementation and technical lead responsibilities that include ongoing DevSecOps/Engineering support for a global cryptography program that leverages a portfolio of multi-cloud data protection capabilities (e.g. AWS ACM/PCA/KMS, Azure Key Vault, Google Cloud KMS)
Managing technology from the ground up and understanding gaps within the tech stack, including overlap with other technology and/or coverage, capability gaps
Maintaining technology from a business as usual (BAU) aspect by ensuring the proper change management, disaster recover,incident management processes are occurring and current
Participate as one of several technical leads on team of Information Security engineers
Participate in authoring, editing, providing, or reviewing documentation (procedures, standards) to ensure a well-managed and mature security infrastructure
Partners with peers within the organization to effectively prioritize work by using agile processes and ensuring risks, impediments, and asks are brought to leadership in a timely fashion
Plays a hands-on role in the engineering and implementation of multi-cloud security measures that protect enterprise applications, computer systems, information, infrastructure, and networks
Plays a key role in designing and building multi-cloud solutions that safeguard the organizations platforms and systems
Proactively identifies problems and clearly articulates solutions and recommendations
Provide day-to-day administration and support for multi-cloud infrastructure related to API, application security, firewalls, encryption, intrusion detection systems, PKI, secrets management, vulnerability scanning, security monitoring tools, penetration testing, authentication, web filtering, identity management, or access control systems, and their associated logs and processes
Providing engineering/operations support for multi-cloud technology and processes, ensuring superior customer service is being met, and identifying process improvements
Serving as a mentor or a subject-matter expert (SME) to other Information Security team members and/or stakeholders throughout the organization
Serving as a SAFe Product Owner for cryptographic technologies, accountable for defining/leading/maintaining the team backlog and product roadmap
Supporting a you build it you own it model - meaning the technology built by Engineering is also supported from a wing-to-wing operations aspect
Works closely with Information Security program manager, scrum master, and architects to convey technical impacts to development/engineering timeline and risks
Work independently in identifying opportunities to improve engineering or other performance for Information Security/Technology & other functions across Synchrony
Work with Information Security/Technology engineers, Application Teams, and API developers to drive program delivery
Perform other duties and/or special projects as assigned
Required Skills/Knowledge:
Graduation in Computer Science/other technical degree or Business Management and 4+years of Information Security/Technology experience or in lieu of degree High School Diploma/GED and 6+ years of Information Security/Technology experience
Minimum of 4+ years of experience in Cloud and Information Security.
Certifications in audit, big data, cloud, cybersecurity, governance, information security, privacy, risk; AWS, Azure, CSA, GCP, GIAC, ISC2, ISACA
Proficient hands-on technical/working expertise with API development, API security, AWS (Certificate Manager, KMS, Private CA, Secrets Manager), Azure (Key Vault), CI/CD pipelines, Cloudbees/Jenkins, Cloudera, containers, cryptography methodologies, databases, GCP (Cloud KMS, Secret Manager) Git/Github, Go, HashiCorp Vault, Java, Linux, Perl, PKI, Python, secrets management, Terraform, tokenization
Excellent oral communication and writing skills. Adept and presenting complex topics, influencing and executing with timely / actionable follow-through
Desired Skills/Knowledge:
Ability to work under pressure and sustain productivity with multiple simultaneous projects across cross-functional engineering and operational information security teams
Cloud Security experience, especially around designing, building, managing solutions with the following vendors:
AWS (Primary)
Azure
GCP
Creativity and individual thinking, the ability to work both independently & with teams
Cyber Security experience, especially around designing, building, managing solutions
DevOps and/or Engineering background
Engineering and/or architecture experience
Experience in modern coding languages such as Python
Experience with Agile, Scaled Agile (SAFe), Scrum
Good teamwork, oral and written communication
Good understanding of security landscape as a whole
Familiarity with problem and incident management, change management, notifications, and basic operational understanding of running and maintaining infrastructure
Strong and efficient problem-solving and analytical skills, willingness to learn
Understanding of information security practices and policies, including risks and threats
Understanding of various public cloud deployment/platform/service models from a development, infrastructure, and information security aspect
Eligibility Criteria:
Graduation in Computer Science/other technical degree or Business Management and 4+years of Information Security/Technology experience or in lieu of degree High School Diploma/GED and 6+ years of Information Security/Technology experience.
WORK TIMINGS : 2pm to 11pm IST
( This role qualifies for Enhanced Flexibility and Choice offered in Synchrony India and will require the incumbent to be available between 08:00 AM Eastern Time - 01:30 PM Eastern Time (timings are anchored to US Eastern hours and will adjust twice a year locally). This window is for meetings with India and US teams. The remaining hours will be flexible for the employee to choose. Exceptions may apply periodically due to business needs. Please discuss this with the hiring manager for more details.)
For Internal Applicants :
Understand the criteria or mandatory skills required for the role, before applying
Inform your manager and HRM before applying for any role on Workday
Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)
Must not be any corrective action plan (First Formal/Final Formal, PIP)
L8+ Employees who have completed 18 months in the organization and 12 months in current role and level are only eligible.
L08+ Employees can apply
Grade/Level: 10
Job Family Group:
Information Technology
Employment Type: Full Time, Permanent
Read full job descriptionPrepare for Engineer roles with real interview advice