Information Security Engineer managing security of production AWS cloud infrastructure. Collaborating with teams to maintain a secure and efficient cloud environment.
About the role
- Lead Information Security Engineer strengthening AI, cloud, and application security posture at S&P Global. Partnering with engineering teams to ensure secure architectures and effective risk mitigation.
Responsibilities
- Partnering with product engineering teams to design and implement security remediation activities, while serving as the bridge between centralized security and development.
- Applying cloud, application, and development security principles to ensure secure architectures, effective risk mitigation, and consistent adoption of security best practices across product environments.
- Acting as a liaison between the centralized security function and product development and infrastructure support teams.
- Contributing to defining and maintaining security standards, patterns, and best practices, including secure AI development guidelines.
- Reviewing and advising on secure architecture, identity and access management, AI model/data protections, and cloud configurations.
- Defining and enforcing security policies, standards, and procedures.
- Conducting risk assessments, threat modeling, and security posture evaluations.
- Communicating security requirements and risks effectively to both technical and non-technical stakeholders.
- Supporting security assessments and providing recommendations for risk mitigation across cloud, application, and AI workloads.
- Aligning security practices with frameworks (NIST CSF, ISO 27001, CIS Controls, COBIT).
Requirements
- Strong knowledge of cloud security, with emphasis on AWS services and architecture.
- Experience with AI security frameworks and guidance (e.g., NIST AI RMF, OWASP Top 10 for LLM Applications, MITRE ATLAS).
- Experience in application and development security, including secure coding practices and CI/CD integration.
- Working knowledge of IAM, container security, AI/ML security considerations, SAST/DAST tooling, and DevSecOps practices.
- Understanding of AI risk areas (model misuse, data poisoning, privacy leakage, prompt/content manipulation) and emerging mitigation strategies.
- Proven ability to collaborate with engineering teams to deliver security solutions and remediation.
- Broad understanding of security domains, with the ability to evaluate and recommend tools and processes, including those supporting AI workloads.
- 10+ years of IT security experience, with demonstrated success in senior or strategic security engineering roles.
Benefits
- Health & Wellness: Health care coverage designed for the mind and body.
- Flexible Downtime: Generous time off helps keep you energized for your time on.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
- Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Expert in information security focusing on penetration tests for Deutsche WertpapierService Bank AG's cybersecurity team. Managing cloud transformation and regulatory compliance in a hybrid work environment.
Expert in information security focusing on SIEM for Deutsche WertpapierService Bank AG. Ensuring SIEM operations and analyzing threats in a hybrid environment.
Engineer, Cybersecurity responsible for designing and implementing security solutions for Royal Caribbean Group. Collaborating with project teams to ensure compliance with security standards and practices.
Microsoft Security and Secure AI Consultant collaborating to secure Microsoft and AI implementations. Focused on deploying Microsoft Security services and contributing to dynamic projects across diverse industries.
Principal Security Consultant at LRQA enhancing security posture for clients. Leading defensive security services design and implementing solutions across multiple customer environments.
AWS Cloud Security Specialist working with teams to implement secure cloud environments. Leading efforts in security architecture and compliance for cloud migration and security design.
Senior Network Infrastructure & Security Expert at Kyndryl managing complex network infrastructure and security in manufacturing environments. Focused on innovative solutions and team growth in a flexible work setting.
Network Infrastructure & Security Engineer at Kyndryl responsible for maintaining network operations and troubleshooting. Supporting Cisco and Huawei devices in data centers and office premises.
Working as a Security Remote Technical Support Engineer responsible for resolving technical incidents and maintaining service levels. Collaborating with stakeholders to ensure efficient service delivery and continuous improvement.