S&P Global jobs - Application Security Engineer

S&P Global Corporate

The Role: Application Security Engineer

Grade: 10

The Location: Hyderabad-Skyview

The Team

The Application security team is responsible to protect applications & product within the company which are built to empower the markets, the responsibility includes the team to protect from bad actors & making sure security hygiene is encompassed in the software development

The Impact

This role would be responsible for running Static & dynamic scans with in the SDLC, resource would also be responsible for working with developers to remediate the findings, provide fix recommendations, train the developers to implement secure coding practices, Code and Automate deployment of various tools in CI/CD

What’s In It For You

S&P’s environment gives a greater exposure to cutting edge technologies which the applicant could benefit for career progression the work environment is very flexible. The person in this role will also lead in securely building the application, deployment, and operations of all of our systems.

Responsibilities

• Refine and drive widespread adoption of our secure development lifecycle process
• Build partnerships with other development teams, be a source of expertise in security best practices
• Architect tooling solutions evaluate them, deploy and work with developers to integrate them
• Perform hands on assessments by reviewing code, identifying issues & providing recommendations to fix them
• Develop and deliver engaging and memorable security trainings
• lead enterprise wide penetration tests
• Provide detailed guidance and support to teams in application vulnerability remediation
• Build out secure API’s by partnering with developers and make sure the utilization is baked into development cadence
• Provide application security guidance on cloud environments as well as non-cloud environments
• Communicate relevant metrics and trends to the technology leadership team.
• Ensure stakeholder satisfaction
• Code and Automate deployment of various tools in CI/CD using Ansible
  
  

Basic Qualifications

What We’re Looking For:

4+ years of Experience in Application security

1+ years of Experience in Development [ Java, .Net, Python, Powershell]

Seeking a motivated and collaborative application security lead to help us implement secure development lifecycle program. This role requires interpersonal skills as well as a deep and broad understanding of S&P’s overall business strategy, overall architecture and products. The individual must be technical and collaborative with an ability to influence Architects & Developers to build security into the Software Development Lifecycle.

• Generalists who love learning new things and concocting creative security solutions for novel and risky functionality
• 4+ years experience in some combination of the following disciplines: web application security, cloud security, infrastructure security, penetration testing, secure software development, security tools development, architecture review and threat modeling
• 1+ years experience in conducting mobile pentest’s & assessments
• Experience with static code analysis tools (Fortify)
• Experience with Dynamic analysis tools (WebInspect)
• Experience with Software Composition Analysis (Whitesource)
• Experience using Xcode, MobSF, Charles, Genymotion , other mobile pentesting tools
• Deep understanding of common web application attacks
  
  

Preferred Qualifications

Experience & ability to run

• Dynamic vulnerability assessments (DVA)
• Static vulnerability assessments (SVA) – Code reviews
• Software composition analysis (SCA)
• Mobile vulnerability Assessments (MVA) – IOS & Android
• Penetration Tests

• Training & Empowering Developers on Security principles & coding practices
• Define security in design requirements in software development & work with developers to bake it in the design
• Perform hands on Application Security assessments using commercial & open source tools
• Configure scans & establish baseline scans using Fortify/Webinspect
• Vulnerability Research & Discovery.
• Work with the Development team to provide recommendations & build maturity levels to enable self service
  
  

Good To Have Working Knowledge On The Below Tools/Platforms

• HP Webinspect, HP Fortify, Kali Linux, Burp suite pro, Charles proxy, Dex 2 jar, Azure Devops, Jenkins, Ansible, Genymotion, Whitesource, Twistlock, Threat modeler, wireshark, tcpdump, ZAP.