SENIOR LEAD III, SECURITY ARCHITECT (HYBRID OR VIRTUAL)

• Virtual, New York; Virtual, Alabama; Virtual, Arizona; Virtual, Colorado; Virtual, Florida; Virtual, Georgia; Virtual, Massachusetts; Virtual, Maryland; Virtual, North Carolina; Virtual, New York; Virtual, Pennsylvania; Virtual, South Carolina; Virtual, Tennessee; Virtual, Texas; Virtual, Virginia; Virtual, West Virginia
• Information Technology
• 310773

BASIC REQUIRED QUALIFICATIONS:

• Bachelor’s degree in Computer Science or related field, or relevant experience.
• 12+ years in Security engineering roles.
• Expertise in Application Security, Web services, and Network Security.
• Proficiency in Java, Python, and Agile SDLC.
• Experience with threat modeling, risk analysis, and controls.
• Experience leading security for Cloud-native applications.
• In-depth knowledge of network security and authentication.
• Advanced understanding of vulnerability exploitation and remediation.
• Expertise in security architecture, SOA, web services, and JavaScript.
• Skills in security audits, vulnerability assessments, and packet analysis.
• Knowledge of TCP/IP, encryption, TLS, and PKI/Certificates.
• Experience with Identity & Access Management.

ADDITIONAL PREFERRED QUALIFICATIONS:

• Experience securing Gen AI models.
• Experience with security automation.
• Knowledge of AWS, Containers, Kubernetes, and VMware.
• Experience defining security reference architectures and standards.
• Familiarity with automation tools for DevOps and CI/CD pipelines.
• Knowledge of SAST/DAST/SCA tools (e.g., Fortify, Whitesource).
• Experience with databases (Postgres, Oracle, Snowflake).
• Familiarity with Secure SDLC frameworks (e.g., NIST SSDF, OpenSAMM).
• Security Forensic analysis skills.

RIGHT TO WORK REQUIREMENTS:

This role is limited to persons with indefinite right to work in the United States.
Compensation/Benefits Information (US Applicants Only): S&P Global states that the anticipated base salary range for this position is $130,000 - $220,000.
Final base salary for this role will be based on the individual’s geographic location, as well as experience level, skill set, training, licenses, and certifications. In addition to base compensation, this role is eligible for an annual incentive plan. This role is eligible to receive additional S&P Global benefits. For more information on the benefits that we provide to our employees, .

OUR PEOPLE:

We’re more than 35,000 strong worldwide—so we’re able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.
From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference.

RESPONSIBILITIES AND IMPACT:

This is a Director level individual contributor role with broad experience in application security, cloud security, and security architecture that will work across Security, software development, Data science/LLM, QA, and Operations teams to identify component and system level technical risks, identify and evaluate critical failure points, determine technical security controls to mitigate risks, prioritize and schedule controls with application development timelines, and work with cross functional teams to implement remediations.
This role will drive the Secure SDLC roadmap, Application and Network Security strategy, Cloud security architecture. The role will assist with maturing the security engineering program, develop security tooling, mentor others, and be hands-on partner to our development teams to deliver innovative and secure applications.

RESPONSIBILITIES:

• Evaluate threats and identify vulnerabilities to prioritize data security risks.
• Develop and enforce data security policies for compliance with industry standards.
• Review access management controls for security gaps.
• Implement encryption techniques to protect sensitive data.
• Maintain Application and Cloud security strategies.
• Guide security best practices in software development, UI design, and technologies.
• Lead the creation of a security architecture, balancing business risks and customer needs.
• Perform threat modeling, secure code reviews, and design reviews for high-risk apps.
• Conduct vulnerability research and advise on new technologies.
• Automate security testing using scripting and open-source tools.
• Assist developers with vulnerability remediation.
• Coach teams on security practices like threat modeling and code reviews.
• Stay updated on emerging security technologies and trends.
• Develop repeatable security patterns based on data and system purpose.
• Consult on incident response processes and App Penetration tests.
• Guide teams in building secure Cloud Native applications with best practices.

OUR PURPOSE:

Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world.
Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress.