S&P Global - Charleston, WV

posted 19 days ago

Full-time - Senior
Onsite - Charleston, WV
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Sr. Lead Application Security Engineer - Generative AI is a key role within the S&P Ratings Security team, focusing on safeguarding systems and data against modern security threats. This position involves developing and implementing security architecture and engineering best practices across S&P Ratings technology platforms, particularly in GenAI applications. The role requires collaboration with various teams to identify technical risks, implement security controls, and enhance the security engineering program.

Responsibilities

  • Develop, implement and maintain Application security and GenAI security strategy.
  • Provide architectural guidance on best practices regarding security in software development and related technologies.
  • Drive and guide the specification and realization of a security architecture balancing security risks with business requirements.
  • Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications.
  • Conduct vulnerability research and serve as a technical security/risk advisor for new technology/applications.
  • Determine testing requirements and develop strategies to automate security testing using scripting and open source tools.
  • Assist developers in remediating vulnerability findings with detailed guidance.
  • Coach development teams on security disciplines and provide training on software security best practices.
  • Maintain knowledge of current and emerging technologies related to security architectural solutions.
  • Develop repeatable application security patterns for system security zoning.
  • Consult on security incident response processes and application penetration tests.
  • Guide development and SRE teams in building secure Cloud Native applications.

Requirements

  • Proven experience in application security and security architecture.
  • Strong understanding of secure software development lifecycle (SDLC) practices.
  • Experience with threat modeling and secure code review processes.
  • Familiarity with vulnerability research and remediation techniques.
  • Knowledge of cloud security best practices and microservices architecture.
  • Ability to mentor and coach development teams on security best practices.

Nice-to-haves

  • Experience with Generative AI technologies and their security implications.
  • Familiarity with various scripting languages for automation of security testing.
  • Certifications in security (e.g., CISSP, CISM, CEH) are a plus.

Benefits

  • Annual incentive plan based on performance.
  • Comprehensive health insurance coverage.
  • 401(k) retirement savings plan with company matching contributions.
  • Flexible work-from-home options.
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service