Listing Description
The Role: Lead Security DevOps Engineer - Cyber/GenAI (Virtual)
The Team:
S&P Ratings Security team focuses on protecting our clients and users from all aspects of modern-day security threats. The mission of our team is to safeguard systems and data by developing innovative solutions for the biggest security challenges. We are passionate problem solvers with deep security expertise.
Responsibilities:
The position will be a technical lead role responsible for leading security automation.
· Responsible for the design, implementation, and management of the Security Operations activities
· Enhance the deployment process by improving the usability, effectiveness, and quality of a deployment process that focuses on pipelined and automated builds.
· Ability to investigate, debug, and drive improvements to engineering/build automation process
· Support and improve the efficiency and effectiveness of tools (CI/CD, automated testing, automated security / code quality scanning, and release management)
· Develop and maintain automation for security testing and application deployments
· Develop and maintain automated security testing processes, including static code analysis (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and security scanning for containers and infrastructure
· Integrate security checks at various stages of the CI/CD pipelines to ensure that security assessments are performed automatically during code build, testing, and deployment
· Identify, prioritize, and remediate security vulnerabilities across the development and testing environments. This includes coordinating with developers and operations teams to address critical issues promptly
· Incident management
Compensation/Benefits Information:
S&P Global states that the anticipated base salary range for this position is $100,200 - $185,000. Base salary ranges may vary by geographic location.
This role is eligible to receive S&P Global benefits.
For more information on the benefits we provide to our employees, visit SPG Benefits.
Skills and Experience:
· Experience in software development processes, version control systems, and development/DevOps tools
· Knowledge and experience with Agile service management tools such as ServiceNow
· Exhibit detailed understanding of application security threats, especially within cloud-native environments
· Experience with SAST, DAST, Cloud Security and/or SCA tools
· Analyze scan results, prioritize vulnerabilities based on risk, and work closely with development teams to remediate identified issues
· Experience with Infrastructure as Code (IaC) and automation tools/software
· Knowledge and experience related to securing modern software and Cloud infrastructure design methodologies
Basic Qualifications:
· 5-7 years' experience in cyber security
· Expertise in one or more areas: security testing, security automation into CI/CD pipelines, vulnerability assessment, vulnerability management, incident response
Preferred Qualifications:
· Experience conducting application security assessments and threat assessments
· Working knowledge of OWASP Top 10, OWASP SA
· Working knowledge of Windows, Linux, and Unix
· Familiarity with network security concepts, firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS)
· Knowledge of authentication mechanisms (e.g., OAuth, SAML) and authorization protocols (e.g., RBAC, ABAC)
· Security operations, including incident response
Listing Details
- Salary: $100000 - $185000
- Citizenship: Not Provided
- Incentives: Bonus
- Education: Not Provided
- Travel: Not Provided
- Telework: Full Telecommute