GenAI Lead Application Security Engineer @ S&P Global | Jobright.ai

S&P Global · 4 days ago

GenAI Lead Application Security Engineer

Responsibilities

Provides architectural guidance on best practices regarding security in software development, shared services, user interface design frameworks, high performance messaging solutions, server-side development, integrations, tools and technologies
Drives and guides the specification and realization of a security architecture, with decisions driven by balancing security risks faced by the business along with customer or market requirements
Develops, implements and maintains Application security and GenAI security strategy
Performs threat modeling, secure code reviews, and secure design reviews for high-risk applications; evaluates new technology stacks and frameworks
Performs vulnerability research; serves as technical security/risk advisor for new technology/applications developed by S&P Ratings
Determines testing requirements and develops strategies to automate security testing using a variety of scripting and open-source tools
Assists developers in remediating vulnerability findings by providing line-by-line guidance
Coaches development teams on security disciplines such as threat modeling and security code reviews; provides training and education to developers on software security best practices
Maintains knowledge of current and emerging technologies/products/trends related to security architectural solutions
Develops repeatable application security patterns to ensure that systems are placed within the relevant security zones based on the data they house and their purpose
Consults and assists with security incident response process
Consults on efforts to work with internal and external teams to effectively scope and drive Application Penetration tests that help identify and mitigate gaps in security controls
Guides development and SRE teams in building secure Cloud Native applications by incorporating Cloud and Microservices Security best practices and industry standards

Qualification

Security Engineering, Application Security, Web Services Security, Threat Modeling, Risk Analysis, Control Design, Cloud Native Applications, Network Security, Authentication, Authorization, CI/CD Integration, Vulnerability Exploitation, Vulnerability Remediation, Programming Java, Programming Python, Product/Application Security Architecture, Service Oriented Architecture (SOA), Angular, JavaScript, Security Audit, Vulnerability Assessment, Packet Analysis, TCP/IP Stack, TLS, DTLS, ECC, Encryption, PKI/Certificate, Agile SDLC, Security Forensic analysis

Required

Bachelor’s degree in Computer Science, related field or relevant work experience
6 or more years of progressive related experience in Security engineering roles
Demonstrated programming expertise – Java, Python
Demonstrated subject matter expertise in Application Security, Web services security, GenAI/LLM security
Experience with threat modeling, risk analysis and control design
Experience architecting and leading security for Cloud native applications
In-depth knowledge of network security, authentication and authorization
Advanced understanding of vulnerability exploitation chaining and vulnerability remediation
Demonstrated expertise in product/application security architecture – Service oriented architecture (SOA), Network security, application security, web services, Angular, JavaScript
Security audit, Vulnerability assessment and packet analysis skills
TCP/IP stack knowledge, Encryption expertise, TLS, DTLS, ECC, PKI/Certificates
Identity & Access Management: AD/LDAP

Preferred

Exposure to the Agile SDLC process
Security Forensic analysis skills
Knowledge of AWS cloud architecture and virtualization technologies, such as Containers, EKS, Kubernetes, and VMware
Experience performing threat modeling and design reviews to assess security implications and requirements
Experience in defining and documenting security reference architectures and standards
Experience with automation tools associated with DevOps and CI/CD pipelines, and with security integration into CI/CD
Familiarity with SAST/DAST/SCA tools like Fortify, Whitesource
Database, datalake knowledge – Postgres, Oracle, Databricks, Snowflake
Familiarity with Secure SDLC frameworks such as NIST SSDF, OpenSAMM/BSIMM
Hands on experience with AI technologies and services (e.g., ChatGPT, Bedrock, etc.)
Expertise in the security of Gen AI models, including multi-modal models
Experience with the security of automation built around Gen AI inputs and outputs

Benefits

Health & Wellness: Health care coverage designed for the mind and body.
Flexible Downtime: Generous time off helps keep you energized for your time on.
Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.

Company

S&P Global

S&P Global is a market intelligence company that provides financial information and data analytics services.

H1B Sponsorship

S&P Global has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference. (Data powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2023 (23)
2022 (37)
2021 (47)
2020 (32)

Funding

Current Stage
Public Company
Total Funding
$750M
2023-09-07 Post IPO Debt · $750M
1978-01-13 IPO · nyse:SPGI

Leadership Team

Douglas Peterson
President and CEO
Joshua Feliciano
Vice President of Collaboration & Workplace Strategy
Company data provided by crunchbase