Lead II Security Engineer, Vulnerability Management
S&P Global
Posted: 14-Nov-23
Location: Princeton, New Jersey
Type: Full Time
Salary: Open
Internal Number: 20366345
The Role : Lead II Security Engineer, Vulnerability Management
Grade: 12
Location: US, Virtual or Toronto, Canada
The Team : S&P Ratings Security team focuses on protecting our clients and users from all aspects of modern-day security threats. The mission of our team is to safeguard systems and data by developing innovative solutions for the biggest security challenges.
What's in it for you : Working in a technology team supporting global users; work across software development, QA, SRE and Operations teams to identify vulnerabilities, determine technical security controls to mitigate risks, prioritize and schedule controls with development timelines, and work with cross functional teams to implement remediations.
Responsibilities : A successful candidate for this position will:
Perform complex network vulnerability scans in cloud environments using common vulnerability assessment tools
Analyze, identify, and develop remediation plans for vulnerabilities
Use an analytical approach to build and troubleshoot Infrastructure and Applications driving risk reduction and surfacing risk posture across the organization.
Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets, dashboards) and communicate clearly to leadership and other cyber security teams
Review and risk assess the criticality and priority of all vulnerability scans along with existing toolset for prioritization
Engage with Application engineering leads and SRE/IT teams to coordinate vulnerability remediation from technical and policy compliance perspectives
Track and monitor at key milestones or after significant changes in the environment to identify network, infrastructure, and configuration vulnerabilities
Perform ad-hoc data remediation, clean-ups, and reporting using large complex data sets for high-priority security remediations
Curate and assess vulnerability data extracts to analyze and resolve false positives
Support new projects, programs or initiatives with vulnerability scanning of new or existing assets as required
Basic Qualifications :
Bachelor's Degree in Computer Science, Information Systems, or equivalent work-related experience
Sound knowledge of common infrastructure and web application vulnerability categorizations such as CVE, CVSS, CWE
Experience with different types of vulnerability assessment tools or related experience in vulnerability detection DAST/SAST tools
5-10 years in a professional environment preferably as part of an operational security function (vulnerability management, application testing, penetration testing, technical project management)
Minimum of 3 years on a large-scale vulnerability management engagement
Sound understanding of application & web-based attacks and remediation
Experience judging the priority of a vulnerability based on risk and impact.
Deep application security knowledge, with the ability to map an application vulnerability to exploitation indications and relevant investigative techniques.
Preferred qualifications:
Excellent communication skills, with an emphasis on the ability to communicate security topics, policies, and standards.
Excellent interpersonal skills and ability to analyze issues while balancing the business need with the required level of security posture
Prior experience in a large and complex organization, operating across numerous locations and with a high degree of change
Compensation/Benefits Information: S&P Global states that the anticipated base salary range for this position is $100,200 - $185,000. Base salary ranges may vary by geographic location.
This role is eligible to receive S&P Global benefits.
For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires.
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.