The Role: Senior Security Test Engineer The Location : US- Virtual (Eastern Time) Grade : 10
The Team: The Quality Engineering team works in partnership with other Technology Functions and the Business to ensure quality delivery of our products. The team works in an Agile environment and is located globally. The team is independent in driving all decisions and is responsible for continuously improving customer experience, revenue growth and operations enablement through quick turn-around of development of our products with high quality.
The Impact: As a Security Test Engineer, you will make a key contribution in identifying and mitigating vulnerabilities in different applications across Web/Windows/Mobile platform. Your primary focus will be doing Security assessments and DevSecOps automation. Your challenge will be reducing the "time to market" for products without compromising quality, by leveraging automation and innovation. You will use a wide range of technologies and will have the opportunity to interact with different internal teams.
What's in it for you:
Working with a team of highly skilled, ambitious & result-oriented professionals.
Using a wide range of cutting-edge technology to innovate while testing.
An ever-challenging environment to hone your existing skills in security testing, web penetration tools, etc.
A great opportunity to think and execute like a developer while performing the role of QA.
Being a part of an organization which values 'Culture of Urgency' and 'Shift Left' approaches.
A plenty of skill building, knowledge sharing, and innovation opportunities.
Building a fulfilling career with a global financial technology company.
Responsibilities:
Design, Create and execute penetration tests on Web, Mobile and Infrastructure.
Perform static and dynamic analysis on customer facing applications, websites, and large enterprise networks.
Work with internal and external stakeholders to deliver high quality penetration tests.
Provide reports that clearly articulate vulnerabilities and weaknesses to clients.
Create tools and frameworks with quality code to simplify testing scenarios.
Design and develop Security test plans, test cases, execute test cases, analyze and report test results to the teams.
Work in partnership with the development teams to deliver business functionality on time with required quality that meets the acceptance criteria.
Involved in requirements review and participate in architecture/design reviews with an emphasis on security test strategy and ensuring best practices.
What We're Looking For: Basic Qualifications:
Develop and execute Penetration Tests for various platforms.
Relevant skills to conduct penetration testing in the following domains: Application, Infrastructure, Mobile (iOS, Android), Wireless, Physical assessment and Code review.
A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations on Windows and Linux platforms.
3+ years of experience in Information Security Role.
3+ years of experience in performing security penetration testing.
Experience in developing custom tools when necessary.
Must have 3+ years of Commercial Web Application Tool Experience (i.e. Burp, AppScan, WebInspect).
Preferred Qualifications:
The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
Provide regular assessment progress updates that include sufficient detail to convey work completed and upcoming activities
Provide subject matter expertise in support of security incidents/investigations as required.
Knowledge of web application full-stack architecture and network models.
Demonstrate technical competency in security engineering based on hands-on experience or relevant qualifications
Experience in programming using Python/C#/Java/Java Script or other languages
Strong communication skills and ability to produce clear, concise and detailed documentation
Excellent problem solving, analytical and technical troubleshooting skills
Bachelors or higher qualification in Computer Science, Information Systems or equivalent is preferred.
Compensation and Benefits Information: S&P Global states that the anticipated base salary range for this position is $70,300 - $139,800. Base salary ranges may vary by geographic location. In addition to base compensation, this role is eligible for an annual incentive bonus. This role is eligible to receive additional S&P Global benefits. For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires
About S&P Global Market Intelligence: At S&P Global Market Intelligence, we know that not all information is important-some of it is vital. Accurate, deep and insightful. We integrate financial and industry data, research and news into tools that help track performance, generate alpha, identify investment ideas, understand competitive and industry dynamics, perform valuation and assess credit risk. Investment professionals, government agencies, corporations and universities globally can gain the intelligence essential to making business and financial decisions with conviction
Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.
US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
