Grade: 11
The Team: The MI Security QA Team is responsible to protect applications & products of the company which are built to empower the markets. The responsibility of the team is to make sure all vulnerabilities are discovered and then work with Application and Infra teams to remediate the vulnerabilities.
The Impact: This role would be responsible for running Static & dynamic scans within the SDLC, the security test engineer would also be responsible for working with developers to remediate the issues, retest, and help automate the process. Provide risk assessments in terms of the severity of issues found and help draw up security test strategies for existing and new products.
Compensation/Benefits Information:
S&P Global states that the anticipated base salary range for this position is $67,600 – $190,100. Base salary ranges may vary by geographic location.
This role is eligible to receive S&P Global benefits.
For more information on the benefits we provide to our employees, visit https://www.spgbenefitessentials.com/newhires.
Responsibilities:
• Design, Create and execute penetration tests on Web, Mobile, API, and Infrastructure
• Perform static and dynamic analysis on customer-facing applications, websites, and large enterprise networks
• Work with internal and external stakeholders to deliver high quality penetration tests
• Provide reports that clearly articulate vulnerabilities and weaknesses to clients
• Create tools and frameworks with quality code to simplify testing scenarios
• Design and develop Security test strategy, plans, test cases, execute test cases, analyze, and report test results to the teams
• Work in partnership with the development teams to deliver business functionality on time with required quality that meets the acceptance criteria
• Involved in requirements review and participate in architecture/design reviews with an emphasis on security test strategy and ensuring best practices
What We’re Looking For:
• Develop and execute Penetration Tests for various platforms
• Relevant skills to conduct penetration testing in the following domains: Application, Infrastructure, Mobile (iOS, Android), Thick client, API, and Code review
• A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations on Windows and Linux platforms
• 6+ years’ experience in Information Security Role
• 6+ years’ experience in performing security penetration testing
• Experience in developing custom tools when necessary
• Must have 4+ years of Commercial Web Application Tool Experience (i.e. Burp, AppScan, WebInspect…….)
• The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
• Provide regular assessment progress updates that include sufficient detail to convey work completed and upcoming activities
• Provide subject matter expertise in support of security incidents/investigations as required.
• Knowledge of web application full-stack architecture and network models.
• Demonstrate technical competency in security engineering based on hands-on experience or relevant qualifications
• Experience in programming using Python/C#/Java/JavaScript or other languages
• Strong communication skills and ability to produce clear, concise, and detailed documentation
• Excellent problem solving, analytical, and technical troubleshooting skills
• Bachelor’s or higher qualification in Computer Science, Information Systems or equivalent is preferred. We would prefer candidate who have completed one or more of following certifications: CEH, OSCP, ECSA
S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to: [email protected] and your request will be forwarded to the appropriate person.
The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.
IFTECH202.2 – Middle Professional Tier II (EEO Job Group)
Job ID: 269286
Posted On: 2022-01-06
Location: Charlottesville, Virginia, United States
