S&P Global · 18 hours ago
GenAI Application Security Engineer Sr. (Tech Lead) - Remote
Phoenix, AZ
Full-time
Remote
Senior Level, Lead/Staff, Director/Executive
$130K/yr - $230K/yr
12+ years exp
Maximize your interview chancesAnalyticsBusiness Intelligence
Insider Connection @S&P Global
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Develop, implement and maintain Application security and GenAI security strategy
Provide architectural guidance on best practices regarding security in software development, shared services, user interface design frameworks, high performance messaging solutions, server-side development, integrations, tools and technologies
Drive and guide the specification and realization of a security architecture, with decisions driven by balancing security risks faced by the business along with customer or market requirements
Perform threat modeling, secure code reviews, and secure design reviews for high-risk applications, evaluate new technology stacks and frameworks
Perform vulnerability research, serve as technical security/risk advisor for new technology/applications developed by S&P Ratings
Determine testing requirements and develop strategies to automate security testing using a variety of scripting and open source tools
Assist developers in remediating vulnerability findings by providing line-by-line guidance
Coach development teams on security disciplines like Threat modeling, Security code reviews, provide training and education to developers on software security best practices
Maintain knowledge of current and emerging technologies / products / trends related to security architectural solutions
Develop repeatable application security patterns to ensure that systems are placed within the relevant security zones based on the data they house and their purpose
Consult and assist with security incident response process
Consult on efforts to work with internal and external teams to effectively scope and drive Application Penetration tests that help identify and mitigate gaps in security controls
Guide development and SRE teams in building secure Cloud Native applications by incorporating Cloud and Microservices Security best practices and industry standards
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Bachelor’s degree in Computer Science, related field or relevant work experience
12 or more years of progressive related experience in Security engineering roles
Demonstrated subject matter expertise in Application Security, Web services security, GenAI/LLM security
Programming expertise – Java, Python, Agile SDLC processes
Experience with threat modeling, design reviews, risk analysis and control design
Experience architecting and leading security for Cloud native applications
In depth knowledge of network security, authentication and authorization
Advanced understanding of vulnerability exploitation chaining, and vulnerability remediation
Demonstrated expertise in product/application security architecture – Service oriented architecture (SOA), Network security, application security, web services, Angular, JavaScript
Security audit, Vulnerability assessment and packet analysis skills
TCP/IP stack knowledge, Encryption expertise, TLS, DTLS, ECC, PKI/Certificates
Identity & Access Management: AD/LDAP
Preferred
Experience with AI technologies and services (e.g., OpenAI, Bedrock, etc.)
Expertise in the security of Gen AI models, including multi-modal models
Experience with the security of automation built around Gen AI inputs and outputs
Knowledge with AWS cloud architecture and virtualization technologies such as Containers, EKS, Kubernetes, and VMware
Experience in defining and documenting security reference architectures and standards
Experience with automation tools associated with DevOps and CI/CD pipelines, and with security integration into CI/CD
Familiarity with SAST/DAST/SCA tools like Fortify, Whitesource
Database, datalake knowledge – Postgres, Oracle, Databricks, Snowflake
Familiarity with Secure SDLC frameworks such as NIST SSDF, OpenSAMM, BSIMM
Security Forensic analysis skills
Benefits
Health & Wellness: Health care coverage designed for the mind and body.
Flexible Downtime: Generous time off helps keep you energized for your time on.
Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.
Company
S&P Global
S&P Global is a market intelligence company that provides financial information and data analytics services.
10001+ employees
H1B Sponsorship
S&P Global has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (23)
2022 (37)
2021 (47)
2020 (32)
Funding
Current Stage
Public CompanyTotal Funding
$750M2023-09-07Post Ipo Debt· $750M
2016-04-28IPO
Leadership Team
Douglas Peterson
President and CEO
Martina L. Cheung
CEO
Recent News
Gifts & Decorative Accessories
2024-12-24
Home Accents Today
2024-12-23
2024-12-23
Company data provided by crunchbase
