S&P Global - New York, NY

posted about 2 months ago

Full-time - Senior
Remote - New York, NY
10,001+ employees
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Sr. Lead Application Security Engineer - Generative AI at S&P Global is a pivotal role within the S&P Ratings Security team, which is dedicated to safeguarding clients and users from modern security threats. This position is responsible for the development and implementation of security architecture and engineering best practices across S&P Ratings technology platforms. The successful candidate will provide security engineering and architecture consultation to enhance security in S&P Ratings Applications and Services, particularly focusing on Generative AI applications. This role is designed for a Director-level individual contributor who will collaborate with various teams, including Security, software development, Data science/LLM, QA, and Operations, to identify technical risks, evaluate critical failure points, and implement effective security controls.

In this role, the engineer will drive the Secure SDLC roadmap, GenAI security strategy, and Cloud security architecture. They will assist in maturing the security engineering program, develop security tooling, and mentor team members while being a hands-on partner to development teams to deliver innovative and secure applications. The candidate will be responsible for developing, implementing, and maintaining application security and GenAI security strategies, providing architectural guidance on security best practices, and performing threat modeling, secure code reviews, and secure design reviews for high-risk applications. Additionally, they will evaluate new technology stacks and frameworks, conduct vulnerability research, and serve as a technical security advisor for new technologies and applications developed by S&P Ratings. The role also involves determining testing requirements, developing strategies to automate security testing, assisting developers in remediating vulnerabilities, and coaching development teams on security disciplines.

The engineer will maintain knowledge of current and emerging technologies related to security architectural solutions and consult on security incident response processes. They will also guide development and SRE teams in building secure Cloud Native applications by incorporating best practices and industry standards.

Responsibilities

  • Develop, implement and maintain Application security and GenAI security strategy
  • Provide architectural guidance on best practices regarding security in software development
  • Drive and guide the specification and realization of a security architecture
  • Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications
  • Perform vulnerability research and serve as technical security/risk advisor for new technology/applications
  • Determine testing requirements and develop strategies to automate security testing
  • Assist developers in remediating vulnerability findings by providing line-by-line guidance
  • Coach development teams on security disciplines like Threat modeling and Security code reviews
  • Maintain knowledge of current and emerging technologies related to security architectural solutions
  • Consult and assist with security incident response process
  • Consult on efforts to work with internal and external teams to effectively scope and drive Application Penetration tests
  • Guide development and SRE teams in building secure Cloud Native applications

Requirements

  • Bachelor's degree in Computer Science, related field or relevant work experience
  • 12 or more years of progressive related experience in Security engineering roles
  • Demonstrated subject matter expertise in Application Security, Web services security, GenAI/LLM security
  • Programming expertise in Java, Python, Agile SDLC processes
  • Experience with threat modeling, design reviews, risk analysis and control design
  • Experience architecting and leading security for Cloud native applications
  • In-depth knowledge of network security, authentication and authorization
  • Advanced understanding of vulnerability exploitation chaining and vulnerability remediation
  • Demonstrated expertise in product/application security architecture
  • Security audit, Vulnerability assessment and packet analysis skills
  • TCP/IP stack knowledge, Encryption expertise, TLS, DTLS, ECC, PKI/Certificates
  • Identity & Access Management: AD/LDAP

Nice-to-haves

  • Experience with AI technologies and services (e.g., OpenAI, Bedrock, etc.)
  • Expertise in the security of Gen AI models, including multi-modal models
  • Experience with the security of automation built around Gen AI inputs and outputs
  • Knowledge of AWS cloud architecture and virtualization technologies such as Containers, EKS, Kubernetes, and VMware
  • Experience in defining and documenting security reference architectures and standards
  • Experience with automation tools associated with DevOps and CI/CD pipelines
  • Familiarity with SAST/DAST/SCA tools like Fortify, Whitesource
  • Database, datalake knowledge - Postgres, Oracle, Databricks, Snowflake
  • Familiarity with Secure SDLC frameworks such as NIST SSDF, OpenSAMM, BSIMM
  • Security Forensic analysis skills

Benefits

  • Health care coverage designed for the mind and body
  • Generous time off to keep you energized
  • Access to resources for career growth and learning new skills
  • Competitive pay and retirement planning
  • Continuing education program with company-matched student loan contribution
  • Financial wellness programs
  • Family-friendly perks
  • Retail discounts and referral incentive awards