S&P Global

posted 4 months ago

Full-time - Senior
Remote
10,001+ employees
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Director of Application Security Engineering at S&P Global Ratings is a pivotal role focused on safeguarding the organization’s technology platforms against modern security threats. This position is responsible for leading a team of security engineers and analysts to develop and implement security architecture and engineering best practices across S&P Ratings applications and services, including those utilizing Generative AI (GenAI). The mission of the S&P Ratings Security team is to protect clients and users by creating innovative solutions to address significant security challenges. In this senior-level position, the director will collaborate with software development, QA, SRE, and operations teams to identify technical risks at both the component and system levels. The role involves evaluating critical failure points, determining necessary technical security controls, and prioritizing these controls in alignment with application development timelines. The director will also be responsible for driving the Secure Software Development Life Cycle (SDLC) roadmap and enhancing the security engineering program. This includes developing security tooling, mentoring team members, and partnering with software, SRE, and QA teams to deliver secure applications. The successful candidate will provide technical leadership and manage a team that offers architectural guidance on security best practices across various domains, including software development, shared services, and user interface design. The director will also be tasked with developing, implementing, and maintaining application security and GenAI security strategies, performing threat modeling, secure code reviews, and vulnerability research, and serving as a technical advisor for new technologies and applications developed by S&P Ratings. Additionally, the role includes consulting on security incident response processes and guiding teams in building secure cloud-native applications by incorporating industry best practices.

Responsibilities

  • Lead a team of security engineers and analysts to provide security engineering and architecture consultation.
  • Identify component and system level technical risks and evaluate critical failure points.
  • Determine technical security controls to mitigate risks and prioritize them with application development timelines.
  • Drive the Secure SDLC roadmap and assist in maturing the security engineering program.
  • Develop, implement, and maintain application security and GenAI security strategies.
  • Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications.
  • Evaluate new technology stacks and frameworks for security implications.
  • Develop strategies to automate security testing using various tools.
  • Coach development teams on security disciplines and provide training on software security best practices.
  • Consult on security incident response processes and application penetration tests.

Requirements

  • Bachelor's degree in Computer Science or a related field, or relevant work experience.
  • 6 or more years of progressive experience in security engineering roles.
  • Experience managing security engineering teams.
  • Demonstrated expertise in application security, web services security, and GenAI/LLM security.
  • Experience with threat modeling, risk analysis, and control design.
  • In-depth knowledge of network security, authentication, and authorization.
  • Advanced understanding of vulnerability exploitation chaining and remediation.
  • Expertise in product/application security architecture, including SOA, network security, and web services.
  • Skills in security audit, vulnerability assessment, and packet analysis.
  • Knowledge of TCP/IP stack, encryption, TLS, DTLS, ECC, and PKI/certificates.

Nice-to-haves

  • Programming expertise in Java and Python, with exposure to Agile SDLC processes.
  • Security forensic analysis skills.
  • Knowledge of AWS cloud architecture and virtualization technologies like Containers and EKS.
  • Experience with automation tools associated with DevOps and CI/CD pipelines.
  • Familiarity with SAST/DAST/SCA tools like Fortify and Whitesource.
  • Database knowledge including Postgres, Oracle, Databricks, and Snowflake.
  • Familiarity with secure SDLC frameworks such as NIST SSDF and OpenSAMM/BSIMM.
  • Experience with AI technologies and services, including security of Gen AI models.

Benefits

  • Health care coverage designed for the mind and body.
  • Generous time off to keep employees energized.
  • Access to resources for continuous learning and career growth.
  • Competitive pay and retirement planning options.
  • Financial wellness programs and company-matched student loan contributions.
  • Family-friendly perks and benefits for partners and children.
  • Retail discounts and referral incentive awards.