About the role

Cloud & Application Security Engineer building security-first culture across the firm. Working with development and operations teams to remediate vulnerabilities and drive security practices.

Responsibilities

Work closely with GE towers to help remediate Cloud and Application vulnerabilities
Conduct regular security audits, risk assessments, and vulnerability scans.
Develop and maintain security policies, procedures, and best practices.
Ensure compliance with industry regulations (e.g., DORA, ISO 27001).
Assist with the development of security awareness training programs.
Work with IT teams to design secure systems and networks.
Stay up-to-date with current security threats, trends, and technologies.
Monitor systems and networks for security breaches or intrusions.
Investigate and respond to security incidents and alerts.
Share expertise of tools and best practices that empower Developers to frictionlessly meet requirements for security across all phases of the DevSecOps cycle
Drive behavioral change and inspire a security culture through advocacy and awareness campaigns targeting the engineering teams
Assist the Head of DevOps and SRE with continuous refinement and implementation of the division’s cyber security strategy by providing feedback gathered from the engineering teams via the security champions
Produce periodic, high-quality reports illustrating program status, areas for improvement, and success attributes aligning to the business
Remain current with new security threats and DevSecOps best practices
Demonstrate security expertise both within the firm and in the industry at large
Perform other duties related as assigned.

Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field
6+ years of experience in IT security or a related field.
Python programming skills
Familiarity with threat modeling, risk assessment, and incident response.
Experience with firewalls, IDS/IPS systems, SIEM, endpoint protection, and vulnerability scanning tools.
Knowledge of network protocols, operating systems (Windows, Linux), and cloud platforms (e.g., AWS, Azure, GCP).
Demonstrated skill in application security and/or software development with a focus on secure design and coding practices
Exhibit detailed understanding of security threats especially within a cloud-native environment
Proven capability to advocate for security best practices in terms of business value and enablement
Established experience successfully leading large-scale projects across global functions
Effective verbal and written communication skills, including presentation and the ability to influence beyond reporting structure
Strong project management and personal organizational skills
Ability to work in a constantly changing environment under tight deadlines
Ability to work independently
Working knowledge of CI/CD tools and cloud-native development practices

Health & Wellness: Health care coverage designed for the mind and body.
Flexible Downtime: Generous time off helps keep you energized for your time on.
Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.