S&P Global - Little Rock, AR
posted 2 months ago
The S&P Ratings Security team is dedicated to protecting clients and users from modern security threats. The mission of this team is to safeguard systems and data by developing innovative solutions to address significant security challenges.
We are seeking a Senior Application Security Engineer/Director who will be responsible for the development and implementation of security architecture and engineering best practices across S&P Ratings technology platforms. This role will provide security engineering and architecture consultation to enhance security in S&P Ratings Applications and Services, including Generative AI applications.
As a Director-level individual contributor, this position will collaborate with Security, software development, Data Science/LLM, QA, and Operations teams to identify technical risks at both component and system levels. The successful candidate will evaluate critical failure points, determine technical security controls to mitigate risks, prioritize and schedule these controls alongside application development timelines, and work with cross-functional teams to implement necessary remediations. This role will also drive the Secure SDLC roadmap, GenAI security strategy, and Cloud security architecture, assist in maturing the security engineering program, develop security tooling, and mentor others while being a hands-on partner to development teams to deliver innovative and secure applications.
Key responsibilities include developing, implementing, and maintaining application security and GenAI security strategies, providing architectural guidance on best practices for security in software development, and performing threat modeling, secure code reviews, and secure design reviews for high-risk applications. The candidate will also be responsible for vulnerability research, serving as a technical security/risk advisor for new technologies and applications developed by S&P Ratings, and determining testing requirements while developing strategies to automate security testing using various scripting and open-source tools. Additionally, the role involves coaching development teams on security disciplines, maintaining knowledge of current and emerging technologies related to security architectural solutions, and consulting on security incident response processes.