Job Details
About the Role:
Grade Level (for internal use): 12
The Role: Lead II Security Engineer, Vulnerability Management
The Team: S&P Ratings Security team focuses on protecting our clients and users from all aspects of modern-day security threats. The mission of our team is to safeguard systems and data by developing innovative solutions for the biggest security challenges.
Responsibilities: A successful candidate for this position will:
- Perform SAST/DAST scans during application development
- Perform complex network vulnerability scans in cloud environments using common vulnerability assessment tools
- Review and risk assess the criticality and priority of all vulnerability findings
- Analyze, develop and deploy remediation plans for vulnerabilities
- Use an analytical approach to remediate Infrastructure and Applications driving risk reduction and surfacing risk posture across the organization
- Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets, dashboards) and communicate clearly to leadership and engineering/security teams
- Engage with Application engineering leads and SRE/IT teams to coordinate vulnerability remediation from technical and policy compliance perspectives
- Track and monitor key milestones after significant changes in the environment to identify network, infrastructure, and configuration vulnerabilities
- Perform ad-hoc data analysis, clean-ups, and reporting using large complex data sets for high-priority security remediations
- Curation and assessment of vulnerability data extracts to analyze and resolve false positives and false negatives
- Support new projects, programs or initiatives with vulnerability scanning of new or existing assets as required
- Assist and train application developers with vulnerability fixes
- Bachelor’s Degree in Computer Science, Information Systems, or equivalent work-related experience
- Sound knowledge of common infrastructure and web application vulnerability categorizations such as CVE, CVSS, CWE
- Experience with different types of vulnerability assessment tools or related experience with SAST/SCA/DAST and Network scanning
- 5-10 years in a professional environment preferably as part of an operational security function (vulnerability management, application testing, penetration testing, technical project management)
- Minimum of 3 years on a large-scale vulnerability management engagement
- Sound understanding of application & web-based attacks and remediation
- Experience judging the priority of a vulnerability based on risk and impact
- Deep application security knowledge, with the ability to map an application vulnerability to exploitation indicators and relevant investigative techniques
- Excellent communication skills, with an emphasis on the ability to communicate complex security topics, policies, and standards.
- Excellent interpersonal skills and ability to analyze issues while balancing the business need with the required level of security posture
- Health & Wellness: Health care coverage designed for the mind and body.
- Flexible Downtime: Generous time off helps keep you energized for your time on.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
- Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.
About the Company
S&P Global
United States
At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening up possibilities. We Accelerate Progress in the world....