S&P Global - Sioux Falls, SD

posted 19 days ago

Full-time - Senior
Sioux Falls, SD
10,001+ employees
Computing Infrastructure Providers, Data Processing, Web Hosting, and Related Services

About the position

The Sr. Lead Application Security Engineer - Generative AI at S&P Global is a Director-level individual contributor role focused on enhancing security across S&P Ratings technology platforms. This position involves developing and implementing security architecture and engineering best practices, particularly for GenAI applications. The engineer will collaborate with various teams to identify technical risks, drive the Secure SDLC roadmap, and mentor development teams in security disciplines.

Responsibilities

  • Develop, implement and maintain Application security and GenAI security strategy.
  • Provide architectural guidance on best practices regarding security in software development and integrations.
  • Drive and guide the specification and realization of a security architecture.
  • Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications.
  • Perform vulnerability research and serve as a technical security/risk advisor for new technology/applications.
  • Determine testing requirements and develop strategies to automate security testing.
  • Assist developers in remediating vulnerability findings by providing guidance.
  • Coach development teams on security disciplines and provide training on software security best practices.
  • Maintain knowledge of current and emerging technologies related to security architectural solutions.
  • Consult and assist with security incident response processes.
  • Guide development and SRE teams in building secure Cloud Native applications.

Requirements

  • Bachelor's degree in Computer Science or related field or relevant work experience.
  • 12 or more years of progressive related experience in Security engineering roles.
  • Demonstrated subject matter expertise in Application Security, Web services security, and GenAI/LLM security.
  • Programming expertise in Java and Python, and Agile SDLC processes.
  • Experience with threat modeling, design reviews, risk analysis, and control design.
  • Experience architecting and leading security for Cloud native applications.
  • In-depth knowledge of network security, authentication, and authorization.
  • Advanced understanding of vulnerability exploitation chaining and remediation.
  • Demonstrated expertise in product/application security architecture.
  • Security audit, Vulnerability assessment, and packet analysis skills.
  • Knowledge of TCP/IP stack, Encryption, TLS, DTLS, ECC, PKI/Certificates.
  • Experience with Identity & Access Management: AD/LDAP.

Nice-to-haves

  • Experience with AI technologies and services (e.g., OpenAI, Bedrock).
  • Expertise in the security of Gen AI models, including multi-modal models.
  • Experience with automation tools associated with DevOps and CI/CD pipelines.
  • Familiarity with SAST/DAST/SCA tools like Fortify, Whitesource.
  • Database knowledge - Postgres, Oracle, Databricks, Snowflake.
  • Familiarity with Secure SDLC frameworks such as NIST SSDF, OpenSAMM, BSIMM.

Benefits

  • Health care coverage designed for the mind and body.
  • Generous time off to keep you energized.
  • Access to resources for continuous learning and career growth.
  • Competitive pay and retirement planning.
  • Family-friendly perks for partners and children.
  • Retail discounts and referral incentive awards.