S&P Global - Phoenix, AZ

posted about 2 months ago

Full-time - Senior
Remote - Phoenix, AZ
10,001+ employees
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Sr. Lead Application Security Engineer - Generative AI at S&P Global is a pivotal role within the S&P Ratings Security team, which is dedicated to safeguarding clients and users from modern security threats. This position is responsible for the development and implementation of security architecture and engineering best practices across S&P Ratings technology platforms. The successful candidate will provide security engineering and architecture consultation to enhance security in S&P Ratings Applications and Services, particularly focusing on Generative AI applications. This role is designed for a Director-level individual contributor who will collaborate with various teams, including Security, software development, Data science/LLM, QA, and Operations, to identify technical risks, evaluate critical failure points, and implement necessary security controls. The responsibilities include driving the Secure SDLC roadmap, developing security tooling, mentoring team members, and being a hands-on partner to development teams to ensure the delivery of innovative and secure applications. The candidate will also be tasked with performing threat modeling, secure code reviews, and vulnerability research, while providing guidance on security best practices in software development and cloud-native applications. This role requires a deep understanding of application security, web services security, and the security of Generative AI models, along with the ability to coach development teams on security disciplines and maintain knowledge of emerging technologies related to security architecture.

Responsibilities

  • Develop, implement and maintain Application security and GenAI security strategy
  • Provide architectural guidance on best practices regarding security in software development
  • Drive and guide the specification and realization of a security architecture
  • Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications
  • Perform vulnerability research and serve as a technical security/risk advisor
  • Determine testing requirements and develop strategies to automate security testing
  • Assist developers in remediating vulnerability findings by providing line-by-line guidance
  • Coach development teams on security disciplines like Threat modeling and Security code reviews
  • Maintain knowledge of current and emerging technologies related to security architectural solutions
  • Consult on and assist with the security incident response process
  • Guide development and SRE teams in building secure Cloud Native applications

Requirements

  • Bachelor's degree in Computer Science or related field, or relevant work experience
  • 12 or more years of progressive related experience in Security engineering roles
  • Demonstrated subject matter expertise in Application Security, Web services security, GenAI/LLM security
  • Programming expertise in Java and Python, with Agile SDLC processes
  • Experience with threat modeling, design reviews, risk analysis and control design
  • Experience architecting and leading security for Cloud native applications
  • In-depth knowledge of network security, authentication and authorization
  • Advanced understanding of vulnerability exploitation chaining and remediation
  • Demonstrated expertise in product/application security architecture
  • Security audit, Vulnerability assessment and packet analysis skills
  • Knowledge of TCP/IP stack, Encryption expertise, TLS, DTLS, ECC, PKI/Certificates
  • Experience with Identity & Access Management: AD/LDAP

Nice-to-haves

  • Experience with AI technologies and services (e.g., OpenAI, Bedrock)
  • Expertise in the security of Gen AI models, including multi-modal models
  • Experience with automation tools associated with DevOps and CI/CD pipelines
  • Familiarity with SAST/DAST/SCA tools like Fortify, Whitesource
  • Database knowledge - Postgres, Oracle, Databricks, Snowflake
  • Familiarity with Secure SDLC frameworks such as NIST SSDF, OpenSAMM, BSIMM
  • Security Forensic analysis skills

Benefits

  • Health care coverage designed for the mind and body
  • Generous time off to keep you energized
  • Access to resources for career growth and learning new skills
  • Competitive pay and retirement planning
  • Continuing education program with company-matched student loan contribution
  • Family-friendly perks and benefits for partners and children
  • Retail discounts and referral incentive awards