S&P Global - Princeton, NJ

posted 4 months ago

Full-time - Senior
Princeton, NJ
10,001+ employees
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The S&P Ratings Security team is dedicated to protecting clients and users from modern security threats. The mission of this team is to safeguard systems and data by developing innovative solutions to address significant security challenges. We are seeking a Senior Security Engineer who will be responsible for the development and implementation of security architecture and engineering best practices across S&P Ratings technology platforms. This role will lead a team of security engineers and analysts, providing security engineering and architecture consultation to enhance security in S&P Ratings Applications and Services, including GenAI applications.

In this position, the Senior Security Engineer will collaborate with software development, QA, SRE, and Operations teams to identify technical risks at both component and system levels. The engineer will evaluate critical failure points, determine technical security controls to mitigate risks, and prioritize and schedule these controls in alignment with application development timelines. This role combines managerial and technical capabilities, driving the Secure SDLC roadmap and Cloud security architecture, maturing the security engineering program, developing security tooling, and mentoring team members. The engineer will also partner closely with software, SRE, and QA teams to deliver innovative and secure applications.

A successful candidate will provide technical leadership and manage a team that offers architectural guidance on best practices for security in software development, shared services, user interface design frameworks, high-performance messaging solutions, server-side development, integrations, tools, and technologies. The engineer will drive the specification and realization of a security architecture, balancing security risks with customer and market requirements.

Responsibilities also include developing, implementing, and maintaining application security and GenAI security strategies, performing threat modeling, secure code reviews, and secure design reviews for high-risk applications, and evaluating new technology stacks and frameworks. Additionally, the engineer will assist developers in remediating vulnerabilities and coach development teams on security disciplines, ensuring that systems are placed within the relevant security zones based on the data they house and their purpose.

Responsibilities

  • Work across software development, QA, SRE, and Operations teams to identify component and system level technical risks.
  • Identify and evaluate critical failure points and determine technical security controls to mitigate risks.
  • Prioritize and schedule controls with application development timelines and implement remediations with cross-functional teams.
  • Drive the Secure SDLC roadmap and Cloud security architecture.
  • Assist with maturing the security engineering program and develop security tooling.
  • Mentor team members and provide hands-on support to software, SRE, and QA teams.
  • Provide architectural guidance on best practices regarding security in software development and shared services.
  • Drive and guide the specification and realization of a security architecture.
  • Develop, implement, and maintain Application security and GenAI security strategy.
  • Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications.
  • Evaluate new technology stacks and frameworks for security implications.
  • Perform vulnerability research and serve as a technical security/risk advisor for new technology/applications.
  • Determine testing requirements and develop strategies to automate security testing.
  • Assist developers in remediating vulnerability findings by providing line-by-line guidance.
  • Coach development teams on security disciplines and provide training on software security best practices.
  • Maintain knowledge of current and emerging technologies related to security architectural solutions.
  • Develop repeatable application security patterns to ensure systems are placed within relevant security zones.
  • Consult and assist with the security incident response process.
  • Consult on efforts to scope and drive Application Penetration tests to identify and mitigate security gaps.
  • Guide development and SRE teams in building secure Cloud Native applications.

Requirements

  • Bachelor's degree in Computer Science, related field, or relevant work experience.
  • 6 or more years of progressive related experience in Security engineering roles.
  • Experience managing security engineering teams.
  • Demonstrated subject matter expertise in Application Security, Web services security, and GenAI/LLM security.
  • Experience with threat modeling, risk analysis, and control design.
  • Experience architecting and leading security for Cloud native applications.
  • In-depth knowledge of network security, authentication, and authorization.
  • Advanced understanding of vulnerability exploitation chaining and remediation.
  • Demonstrated expertise in product/application security architecture including SOA, network security, application security, web services, JavaScript, and Python.
  • Security audit, vulnerability assessment, and packet analysis skills.
  • Knowledge of TCP/IP stack, encryption expertise, TLS, DTLS, ECC, PKI/Certificates.
  • Experience with Identity & Access Management: AD/LDAP.

Nice-to-haves

  • Programming expertise in Java and Python, with exposure to the Agile SDLC process.
  • Security forensic analysis skills.
  • Knowledge of AWS cloud architecture and virtualization technologies such as Containers, EKS, Kubernetes, and VMware.
  • Experience performing threat modeling and design reviews to assess security implications and requirements.
  • Experience in defining and documenting security reference architectures and standards.
  • Experience with automation tools associated with DevOps and CI/CD pipelines, and with security integration into CI/CD.
  • Familiarity with SAST/DAST/SCA tools like Fortify and Whitesource.
  • Database and datalake knowledge including Postgres, Oracle, Databricks, and Snowflake.
  • Familiarity with Secure SDLC frameworks such as NIST SSDF, OpenSAMM/BSIMM.
  • Experience with AI technologies and services (e.g., ChatGPT, Bedrock).
  • Expertise in the security of Gen AI models, including multi-modal models.
  • Experience with the security of automation built around Gen AI inputs and outputs.

Benefits

  • Health care coverage designed for the mind and body.
  • Generous time off to keep employees energized.
  • Access to resources for continuous learning and career growth.
  • Competitive pay and retirement planning options.
  • Company-matched student loan contributions and financial wellness programs.
  • Family-friendly perks and best-in-class benefits for families.
  • Retail discounts and referral incentive awards.