S&P Global - Nashville, TN

posted about 2 months ago

Full-time - Senior
Onsite - Nashville, TN
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Sr. Lead Application Security Engineer - Generative AI is a key role within the S&P Ratings Security team, focusing on safeguarding systems and data against modern security threats. This position involves developing and implementing security architecture and engineering best practices across S&P Ratings technology platforms, particularly in GenAI applications. The role requires collaboration with various teams to identify technical risks, implement security controls, and enhance the security engineering program.

Responsibilities

  • Develop, implement and maintain Application security and GenAI security strategy.
  • Provide architectural guidance on best practices regarding security in software development and related technologies.
  • Drive the specification and realization of a security architecture balancing security risks with business requirements.
  • Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications.
  • Conduct vulnerability research and serve as a technical security/risk advisor for new technologies/applications.
  • Determine testing requirements and develop strategies to automate security testing using various tools.
  • Assist developers in remediating vulnerability findings with detailed guidance.
  • Coach development teams on security disciplines and provide training on software security best practices.
  • Maintain knowledge of current and emerging technologies related to security architectural solutions.
  • Develop repeatable application security patterns for system security zoning.
  • Consult on security incident response processes and application penetration tests.
  • Guide teams in building secure Cloud Native applications incorporating best practices.

Requirements

  • Proven experience in application security and security architecture.
  • Strong understanding of secure software development lifecycle (SDLC) practices.
  • Experience with threat modeling and secure code review processes.
  • Familiarity with vulnerability research and remediation techniques.
  • Ability to automate security testing and develop security tooling.
  • Experience mentoring and training development teams on security best practices.

Nice-to-haves

  • Experience with Generative AI technologies and security implications.
  • Knowledge of Cloud and Microservices Security best practices.
  • Familiarity with scripting and open-source security tools.

Benefits

  • Annual incentive plan based on performance.
  • Comprehensive health insurance coverage.
  • 401(k) retirement savings plan with company matching.
  • Flexible work-from-home options.
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service