The Role: Lead Security Engineer Grade-11 Location – US, Virtual or Toronto, Canada The Team: S&P Ratings Security team focuses on protecting our clients and users from all aspects of modern-day security threats. The mission of our team is to safeguard systems and data by developing, innovative solutions for the biggest security challenges. We are passionate problem solvers with deep security expertise. The Impact: We are looking for a Lead security engineer responsible for leading the security Automation, Tooling and DevSecOps functions to enhance security in S&P Ratings Applications and Services. What’s in it for you: This position is a technical lead role with an opportunity to utilize their expertise in Security operations, pipeline automation, and vulnerability remediation. This position will collaborate with software development teams, DevOps, and SRE to drive security in to how we design, build, deploy, and operate applications. Responsibilities include mentoring junior engineers and maturing the team’s capabilities and processes. Responsibilities: The position will be technical lead role responsible for leading security automation · Responsible for the design, implementation, and management of the Security Operations activities · Enhance the deployment process by improving the usability, effectiveness, and quality associated with deployment process that focuses on pipelined and automated builds. · Ability to investigate, debug, and drive improvements to engineering/build automation process · Support and improve the efficiency and effectiveness of tools (CI/CD, automated testing, automated security / code quality scanning, and release management) · Develop and maintain automation for security testing and application deployments · Develop and maintain automated security testing processes, including static code analysis (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and security scanning for containers and infrastructure · Integrate security checks at various stages of the CI/CD pipelines to ensure that security assessments are performed automatically during code build, testing, and deployment · Identify, prioritize, and remediate security vulnerabilities across the development and testing environments. This includes coordinating with developers and operations teams to address critical issues promptly · Incident management Skills and Experience: · Experience in software development processes, version control systems, and development/DevOps tools · Knowledge and experience with Agile service management tools such as Service Now · Exhibit detailed understanding of application security threats especially within a cloud-native environments · Experience with SAST, DAST, Cloud Security and/or SCA tools · Analyze scan results, prioritize vulnerabilities based on risk, and work closely with development teams to remediate identified issues · Experience with Infrastructure as Code (IaC) and automation tools/software · Knowledge and experience related to securing modern software and Cloud infrastructure design methodologies Basic Qualifications: · 5-7 years' experience in cyber security · Expertise in one or more areas: security testing, security automation into CI/CD pipelines, vulnerability assessment, vulnerability management, incident response Preferred Qualifications: · Experience conducting application security assessments, threat assessments · Working knowledge of OWASP Top 10, OWASP SA · Working knowledge of Windows, Linux, and Unix · Familiarity with network security concepts, firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS) · Knowledge of authentication mechanisms (e.g., OAuth, SAML) and authorization protocols (e.g., RBAC, ABAC) · Security operations including Incident response · t response ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.  US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. ----------------------------------------------------------- 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group) Job ID: 293030 Posted On: 2023-10-13 Location: New York, New York, United States