S&P Global - Princeton, NJ
posted 4 months ago
The S&P Ratings Security team is dedicated to protecting clients and users from modern security threats. The mission of this team is to safeguard systems and data by developing innovative solutions to address significant security challenges. We are seeking a Senior Security Engineer who will be responsible for the development and implementation of security architecture and engineering best practices across S&P Ratings technology platforms. This role will lead a team of security engineers and analysts, providing security engineering and architecture consultation to enhance security in S&P Ratings Applications and Services, including GenAI applications.
In this position, the Senior Security Engineer will collaborate with software development, QA, SRE, and Operations teams to identify technical risks at both component and system levels. The engineer will evaluate critical failure points, determine technical security controls to mitigate risks, and prioritize and schedule these controls in alignment with application development timelines. This role combines managerial and technical capabilities, driving the Secure SDLC roadmap and Cloud security architecture, maturing the security engineering program, developing security tooling, and mentoring team members. The engineer will also partner closely with software, SRE, and QA teams to deliver innovative and secure applications.
A successful candidate will provide technical leadership and manage a team that offers architectural guidance on best practices for security in software development, shared services, user interface design frameworks, high-performance messaging solutions, server-side development, integrations, tools, and technologies. The engineer will drive the specification and realization of a security architecture, balancing security risks with customer and market requirements.
Responsibilities also include developing, implementing, and maintaining application security and GenAI security strategies, performing threat modeling, secure code reviews, and secure design reviews for high-risk applications, and evaluating new technology stacks and frameworks. Additionally, the engineer will assist developers in remediating vulnerabilities and coach development teams on security disciplines, ensuring that systems are placed within the relevant security zones based on the data they house and their purpose.