S&P Global - Nashville, TN

posted about 2 months ago

Full-time - Senior
Onsite - Nashville, TN
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Sr. Application Security Engineer/Director - Generative AI role at S&P Global is a pivotal position within the S&P Ratings Security team, which is dedicated to protecting clients and users from modern security threats. The mission of this team is to safeguard systems and data by developing innovative solutions to address significant security challenges. The successful candidate will be responsible for the development and implementation of security architecture and engineering best practices across S&P Ratings technology platforms. This role will provide essential security engineering and architecture consultation to enhance security in S&P Ratings Applications and Services, including Generative AI applications.

As a Director-level individual contributor, this position will collaborate with various teams, including Security, software development, Data science/LLM, QA, and Operations. The primary responsibilities include identifying component and system-level technical risks, evaluating critical failure points, determining technical security controls to mitigate risks, and prioritizing and scheduling these controls in alignment with application development timelines. The role also involves working with cross-functional teams to implement necessary remediations.

The candidate will drive the Secure SDLC roadmap, develop the Generative AI security strategy, and assist in maturing the security engineering program. This includes developing security tooling, mentoring team members, and partnering with development teams to deliver innovative and secure applications. A successful candidate will be expected to maintain knowledge of current and emerging technologies related to security architectural solutions and consult on security incident response processes.

Responsibilities

  • Develop, implement and maintain the application security and GenAI security strategy.
  • Provide architectural guidance on best practices regarding security in software development, shared services, user interface design frameworks, high performance messaging solutions, server-side development, integrations, tools and technologies.
  • Drive and guide the specification and realization of a security architecture, balancing security risks with customer or market requirements.
  • Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications, and evaluate new technology stacks and frameworks.
  • Conduct vulnerability research and serve as a technical security/risk advisor for new technology/applications developed by S&P Ratings.
  • Determine testing requirements and develop strategies to automate security testing using various scripting and open-source tools.
  • Assist developers in remediating vulnerability findings by providing line-by-line guidance.
  • Coach development teams on security disciplines like threat modeling and security code reviews, and provide training on software security best practices.
  • Maintain knowledge of current and emerging technologies/products/trends related to security architectural solutions.
  • Develop repeatable application security patterns to ensure systems are placed within relevant security zones based on the data they house and their purpose.
  • Consult and assist with the security incident response process.
  • Consult on efforts to scope and drive application penetration tests to identify and mitigate gaps in security controls.
  • Guide development and SRE teams in building secure cloud-native applications by incorporating cloud and microservices security best practices.

Requirements

  • Proven experience in application security and security architecture, particularly in the context of Generative AI applications.
  • Strong understanding of secure software development lifecycle (SDLC) practices and methodologies.
  • Experience with threat modeling, secure code reviews, and vulnerability assessments.
  • Familiarity with cloud security best practices and microservices architecture.
  • Ability to mentor and coach development teams on security best practices and disciplines.
  • Strong analytical and problem-solving skills, with the ability to evaluate complex security issues and provide effective solutions.
  • Excellent communication skills, capable of conveying technical concepts to non-technical stakeholders.

Nice-to-haves

  • Experience with security tooling and automation frameworks.
  • Knowledge of regulatory compliance requirements related to application security.
  • Familiarity with DevSecOps practices and tools.

Benefits

  • Annual incentive plan eligibility.
  • Comprehensive health benefits including medical, dental, and vision insurance.
  • 401(k) retirement savings plan with company matching contributions.
  • Flexible work arrangements including remote work options.
  • Professional development opportunities and training programs.