S & P Global

Engage with Application engineering leads and SRE/IT teams to coordinate vulnerability remediation from technical and policy compliance perspectives. 5-10 years in a professional environment preferably as part of an operational security function (vulnerability management, application testing, penetration testing, technical project management). Minimum of 3 years on a large-scale vulnerability management engagement. Deep application security knowledge, with the ability to map an application vulnerability to exploitation indications and relevant investigative techniques.. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

vulnerability management

The Role: Lead II Security Engineer, Vulnerability Management The Team S&P Ratings Security team focuses on protecting our clients and users from all aspects of modern-day security threats. The mission of our team is to safeguard systems and data by developing innovative solutions for the biggest security challenges. Responsibilities A successful candidate for this position will: <ul><li>Perform complex network vulnerability scans in a cloud environments using common vulnerability assessment tools</li><li>Analyze, identify, and develop remediation plans for vulnerabilities</li><li>Use an analytical approach to build and troubleshoot Infrastructure and Applications driving risk reduction and surfacing risk posture across the organization.</li><li>Develop reports using data that is hosted in multiple sources/tools (e.g., spreadsheets, dashboards) and communicate clearly to leadership and other cyber security teams</li><li>Review and risk assess the criticality and priority of all vulnerability scans along with existing toolset for prioritization</li><li>Engage with Application engineering leads and SRE/IT teams to coordinate vulnerability remediation from technical and policy compliance perspectives</li><li>Track and monitor key milestones or after significant change in the environment to identify network, infrastructure, and configuration vulnerabilities</li><li>Perform ad-hoc data remediation, clean-ups, and reporting using large complex data sets for high-priority security remediations</li><li>Curation and assessment of vulnerability data extracts to analyze and resolve false positives</li><li>Support new project, programs or initiatives with vulnerabilities scanning of new or existing assets as required </li></ul>Compensation/Benefits Information S&P Global states that the anticipated base salary range for this position is $100,200 - $185,000. Base salary ranges may vary by geographic location. This role is eligible to receive S&P Global benefits. For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires. Basic Qualifications <ul><li>Bachelor’s Degree in Computer Science, Information Systems, or equivalent work-related experience</li><li>Sound knowledge of common infrastructure and web application vulnerability categorizations such as CVE, CVSS, CWE</li><li>Experience with different types of vulnerability assessment tools or related experience in vulnerability detection DAST/SAST tools</li><li>5-10 years in a professional environment preferably as part of an operational security function (vulnerability management, application testing, penetration testing, technical project management)</li><li>Minimum of 3 years on a large-scale vulnerability management engagement</li><li>Sound understanding of application & web-based attacks and remediation</li><li>Experience judging the priority of a vulnerability based on risk and impact.</li><li>Deep application security knowledge, with the ability to map an application vulnerability to exploitation indications and relevant investigative techniques. </li></ul>Preferred Qualifications <ul><li>Excellent communication skills, with an emphasis on the ability to communicate security topics, policies, and standards.</li><li>Excellent interpersonal skills and ability to analyze issues while balancing the business need with the required level of security posture</li><li>Prior experience in a large and complex organization, operating across numerous locations and with a high degree of change </li></ul>Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.  US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group) Job ID: 293031 Posted On: 2023-12-20 Location: New York, New York, United States

START NEW SEARCH