Cloud & Application Security Engineer at S&P Global

New York, New York, United States

Apply Now
S&P Global Logo
Not SpecifiedCompensation
Mid-level (3 to 4 years), Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Energy, Technology, Financial ServicesIndustries

Requirements

  • Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field
  • 6+ years of experience in IT security or a related field
  • Python programming skills
  • Familiarity with threat modeling, risk assessment, and incident response
  • Experience with firewalls, IDS/IPS systems, SIEM, endpoint protection, and vulnerability scanning tools
  • Knowledge of network protocols, operating systems (Windows, Linux), and cloud platforms (e.g., AWS, Azure, GCP)
  • Demonstrated skill in application security and/or software development with a focus on secure design and coding practices
  • Detailed understanding of security threats especially within a cloud-native environment
  • Proven capability to advocate for security best practices in terms of business value and enablement
  • Established experience

Responsibilities

  • Work closely with GE towers to help remediate Cloud and Application vulnerabilities
  • Conduct regular security audits, risk assessments, and vulnerability scans
  • Develop and maintain security policies, procedures, and best practices
  • Ensure compliance with industry regulations (e.g., DORA, ISO 27001)
  • Assist with the development of security awareness training programs
  • Work with IT teams to design secure systems and networks
  • Stay up-to-date with current security threats, trends, and technologies
  • Monitor systems and networks for security breaches or intrusions
  • Investigate and respond to security incidents and alerts
  • Share expertise of tools and best practices that empower Developers to frictionlessly meet requirements for security across all phases of the DevSecOps cycle
  • Drive behavioral change and inspire a security culture through advocacy and awareness campaigns targeting the engineering teams
  • Assist the Head of DevOps and SRE with continuous refinement and implementation of the division’s cyber security strategy by providing feedback gathered from the engineering teams via the security champions
  • Produce periodic, high-quality reports illustrating program status, areas for improvement, and success attributes aligning to the business
  • Remain current with new security threats and DevSecOps best practices
  • Demonstrate security expertise both within the firm and in the industry at large
  • Perform other duties related as assigned

Skills

Key technologies and capabilities for this role

Cloud SecurityApplication SecurityVulnerability RemediationSecurity AuditsRisk AssessmentsVulnerability ScansSecurity PoliciesCompliance

Questions & Answers

Common questions about this position

What is the work location and arrangement for this role?

The position is located in NY or NJ with a hybrid schedule requiring 2 days onsite.

What are the main responsibilities of the Cloud & Application Security Engineer?

Key responsibilities include working with GE towers to remediate cloud and application vulnerabilities, conducting security audits and risk assessments, developing security policies, ensuring compliance with regulations like DORA and ISO 27001, and driving a security-first culture through the security champions program.

What is the team structure for this position?

The role is part of the SPGE Technology Security team, accountable for the overall cyber security of the division, and involves working with software development, cloud architecture, operations teams, and security champions across divisions.

What growth opportunities are available in this role?

As your technology and organizational experience grows, there is an opportunity to expand your role by collaborating with other divisional teams to increase overall security maturity, demonstrate leadership in security and developer communities, and shape the security champions program.

What does the company culture emphasize for this role?

The role instills values of enablement, accountability, and shared responsibility, while building a security-first culture through advocacy, awareness campaigns, and collaboration with engineering teams.

S&P Global

Provides financial information and analytics services

Website

About S&P Global

S&P Global provides financial information and analytics to a wide range of clients, including investors, corporations, and governments. The company offers services such as credit ratings, market intelligence, and indices, which help clients understand and navigate the global financial market. S&P Global's products work by utilizing advanced data analytics and research to deliver insights that assist clients in making informed decisions and managing risks. Unlike many competitors, S&P Global has a diverse range of divisions, including S&P Global Ratings and S&P Dow Jones Indices, which allows it to cater to various financial needs. The company's goal is to support clients in driving growth while also committing to corporate responsibility and positive societal impact.

New York City, New YorkHeadquarters
1917Year Founded
IPOCompany Stage
Data & Analytics, Financial ServicesIndustries
10,001+Employees

Benefits

Health Insurance
Unlimited Paid Time Off
Professional Development Budget
401(k) Company Match
Family Planning Benefits
Employee Discounts

Risks

Integration challenges with new acquisitions like ProntoNLP may cause operational issues.
Increased competition from AI-driven platforms like Brooklyn Investment Group.
Dependence on volatile credit ratings market could impact revenue stability.

Differentiation

S&P Global integrates advanced AI tools for superior financial analytics capabilities.
The company offers comprehensive ESG solutions, meeting growing sustainability demands.
S&P Global's diverse divisions provide a wide range of financial services globally.

Upsides

Acquisition of ProntoNLP boosts data analytics and sentiment scoring capabilities.
Rising demand for ESG data enhances S&P Global's market position.
Expansion into India strengthens S&P Global's research and insights offerings.

Related Jobs

United States
Remote iconRemote

Security Engineer, Cloud Security

Red Cell Partners
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
Remote
Remote iconRemote

Principal DevSecOps Engineer

Second Front Systems
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
United States
Remote iconRemote

Senior Application Security Engineer

M&T Bank
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
Washington
Remote iconRemote

Sales Engineer - Federal

SpyCloud
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years)
Hundred
Remote iconRemote

Senior Cloud Security Architect (R-00079)

True Zero Technologies
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
United States
Remote iconRemote

Deputy Compliance Officer

Bitcoin Depot
Salary not specified
  • Employment type iconFull Time
  • Experience level iconMid-level (3 to 4 years), Senior (5 to 8 years)
New York
Remote iconRemote

Information Security Engineer

Algolia
Salary not specified
Remote
Remote iconRemote

DevOps Lead

StraighterLine
$150,000 - $220,000/year
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)

Land your dream remote job 3x faster with AI

Try Jobo Free