S&P Global - New York, NY
posted about 2 months ago
The Sr. Lead Application Security Engineer - Generative AI at S&P Global is a pivotal role within the S&P Ratings Security team, which is dedicated to safeguarding clients and users from modern security threats. This position is responsible for the development and implementation of security architecture and engineering best practices across S&P Ratings technology platforms. The successful candidate will provide security engineering and architecture consultation to enhance security in S&P Ratings Applications and Services, particularly focusing on Generative AI applications.
This role is designed for a Director-level individual contributor who will collaborate with various teams, including Security, software development, Data science/LLM, QA, and Operations, to identify technical risks, evaluate critical failure points, and implement effective security controls. In this role, the engineer will drive the Secure SDLC roadmap, GenAI security strategy, and Cloud security architecture. They will assist in maturing the security engineering program, develop security tooling, and mentor team members while being a hands-on partner to development teams to deliver innovative and secure applications.
The candidate will be responsible for developing, implementing, and maintaining application security and GenAI security strategies, providing architectural guidance on security best practices, and performing threat modeling, secure code reviews, and secure design reviews for high-risk applications. Additionally, they will evaluate new technology stacks and frameworks, conduct vulnerability research, and serve as a technical security advisor for new technologies and applications developed by S&P Ratings. The role also involves determining testing requirements, developing strategies to automate security testing, assisting developers in remediating vulnerabilities, and coaching development teams on security disciplines.
The engineer will maintain knowledge of current and emerging technologies related to security architectural solutions and consult on security incident response processes. They will also guide development and SRE teams in building secure Cloud Native applications by incorporating best practices and industry standards.