Lead Security Test Engineer
Princeton, NJ
Secondary Location(s) - based on experience: Centennial, CO, NYC, Charlottesville or Richmond, VA
Grade Level: (internal use only) 11
The Team:
The Quality Engineering team works in partnership with other Technology Functions and the Business to ensure quality delivery of our products. The team works in an Agile environment and is located globally. The team is independent in driving all decisions and is responsible for continuously improving customer experience, revenue growth and operations enablement through quick turn-around of development of our products with high quality.
The Impact:
As a Lead Security Test Engineer, you will lead in building innovative solutions to test application security across Web/Windows/Mobile/API/Services platforms. Your challenge will be to deliver high-quality and secure products on time to market by leveraging automation and innovation. You will use a wide range of technologies and have the opportunity to interact with different internal teams.
Responsibilities:
- Research, design, build and execute efficient penetration tests on Web, API, Data, Mobile and Infrastructure.
- Perform static and dynamic analysis on customer facing applications, websites, and large enterprise networks
- Manage complex assessments independently and with different size teams
- Work with internal and external stakeholders to deliver high quality penetration tests
- Provide reports that clearly articulate vulnerabilities and weaknesses to clients
- Lead strategic team activities outside of normal BAU testing to raise the security posture
- Innovate towards the goal of establishing novel security assurance services and the enhancement of existing services
- Create security test frameworks for different products (Web, Data, API), and drive the implementation of security test frameworks in scrum teams
- Liaise with the Corporate security team in implementing the security test methodology.
- Proactively identify security risks and design tests to mitigate the risk
- Communicate effectively with Business Stakeholders
What we are looking for:
- Research new tools in the market and provide recommendations to implement
- Review, design and develop security test plans and test cases, execute test cases, and analyze and report test results to the teams
- Be involved in requirements review and participate in architecture/design reviews with an emphasis on security test strategy and ensuring best practices
- Relevant skills to design and conduct penetration testing in the following domains: Application, Infrastructure, Mobile (iOS, Android), Wireless, Physical assessment and Code review
- A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations on Windows and Linux platforms
- 5+ years in an Information Security role
- 5+ years performing security penetration testing
- Experience developing custom tools when necessary
- Must have 3+ years of Commercial Web Application Tool Experience (e.g. Burp, AppScan, WebInspect, ...)
- The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
- Provide regular assessment progress updates that include sufficient detail to convey work completed and upcoming activities. Write Security assessment reports
- Provide subject matter expertise in support of security incidents/investigations as required.
- Research new and emerging threats, counter controls and technologies affecting various platforms
- Proficiency in understanding web application full-stack architecture and network models.
- Demonstrate technical competency in security engineering based on hands-on experience or relevant qualifications
- Certification preferred
- Experience with debugging tools such as Dev Tools, Network Sniffer, Fiddler, etc.
- Conduct Security Audits
About S&P Global Market Intelligence:
At S&P Global Market Intelligence, we know that not all information is important - some of it is vital. Accurate, deep and insightful. We integrate financial and industry data, research and news into tools that help track performance, generate alpha, identify investment ideas, understand competitive and industry dynamics, perform valuation and assess credit risk. Investment professionals, government agencies, corporations and universities globally can gain the intelligence essential to making business and financial decisions with conviction.
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group)
Job ID: 257812
Posted On:
Princeton, New Jersey, United States