The Role: Information Security Analyst
The Location: Princeton, NJ
The Impact: As a Security Analyst, you will be part of the Digital Infrastructure Cyber Security team that develops and oversees the company's security program, ensuring the company is protected from existing and emerging threats. Working with the various teams, the Security Engineer will assess threats to the environment, research new vulnerability disclosures, and present plans of action to mitigate and address these issues.
What’s in it for you: Working at S&P Global Inc. is an opportunity to thrive – a place to develop your career to the fullest while engaging in meaningful work that makes a positive impact around the globe. You will be proud to work for a company with a strong history of ethics and a purpose of nourishing people. We offer a diverse, supportive environment where you will grow personally and professionally as you learn from some of the most talented people in your field.
Use your knowledge to identify control weaknesses, assess the effectiveness of existing controls, and recommend remedial action
Demonstrate working knowledge of threat modeling
Utilize in-depth understanding of software development lifecycles and CI/CD pipelines
Demonstrate strong technical understanding and knowledge of cloud, mobile and web software technologies comprised in large enterprise and commercial IT environments
Demonstrate broad knowledge and understanding of the inherent strengths and weaknesses of .NET, Java, C#, and Objective-C language technologies, commonly used scripting languages, and PaaS/SaaS cloud services
Knowledge of industry-standard tools such as Fortify, Veracode, and Checkmarx to run static scans, analyze the false positives, and deliver the reports to stakeholders
Knowledge of tools like WebInspect and Burp to run dynamic scans, analyze the false positives, and deliver the reports
Proven expertise in running vulnerability review calls with the development team and helping them fix the issues identified
Work with development teams and business by training them to enable self-service scanning initiatives
What We’re Looking For:
Bachelor’s degree or equivalent years of industry experience
At least 1+ years’ experience in application security lifecycle management
At least 2+ years’ experience in administration and code review with any of the following: HP Fortify or Fortify On-Demand, Fortify WebInspect, Veracode SAST/DAST/SCA, Coverity SCA, Synopsys SCA, Rapid7, IBM AppScan, Checkmarx, Black Duck, Whitesource, including application penetration testing
Certifications/Licensure: Any of the following are preferred: GPEN, OSCP
At S&P Global, we don’t give you intelligence—we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We’re the world’s foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visit www.spglobal.com
To all recruitment agencies: S&P Global does not accept unsolicited agency resumes. Please do not forward such resumes to any S&P Global employee, office location or website. S&P Global will not be responsible for any fees related to such resumes.
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
S&P Global is the world’s foremost provider of ratings, benchmarks, and analytics in the global capital and commodity markets.
Tuition refund program; scholarship program for your children; commuter benefits; various discounts on products and services; gym membership discount.
AWS, Kubernetes, Ansible, Git, Jenkins, Python, Linux, C/C++, Java, C#, Oracle