Lead InfoSec Engineer, DevSecOps
New York City, NY - USA
Job Summary
About the Role:
Grade Level (for internal use):
11S&P Globals technology platforms continue to expand in scale cloud adoption and regulatory exposure. To support secure delivery across multiple product lines there is a critical need for a senior DevSecOps role that embeds security directly into engineering platforms CI/CD pipelines and developer workflows. This role addresses the growing complexity of cloud-native applications containerized workloads and automated delivery pipelines by providing hands-on technical leadership focused on secure-by-default developer experiences and scalable internal security tooling.
Responsibilities and Impact:
Embed automated security controls into CI/CD pipelines across build test and release stages designing risk-based security gates and integrating comprehensive security testing (SAST DAST SCA container scanning) to enable secure-by-default development
Build and maintain internal DevSecOps tooling and platform extensions that scale across enterprise engineering teams including reusable pipeline libraries security plugins and automation frameworks integrated into shared developer platforms
Champion developer-first security experiences by designing paved road security patterns self-service tooling and standardized integrations that reduce friction while maintaining strong security posture
Drive cloud-native security architecture across AWS and Azure environments implementing security controls for Kubernetes containerized workloads and infrastructure-as-code using modern security frameworks
Evaluate and integrate best-of-breed security tools aligned to application pipeline container and cloud security needs driving standardization and consolidation to reduce complexity while improving effectiveness
Support continuous compliance and governance by translating regulatory requirements into automated engineering controls enabling audit readiness through automated evidence collection and control mapping
Provide technical leadership and mentorship to engineering teams as an embedded security subject matter expert influencing design decisions and raising overall DevSecOps maturity across the organization
Lead vulnerability management and remediation across application pipeline and cloud environments while participating in threat modeling and architecture reviews to ensure security is embedded at the design level
What Were Looking For:
Basic Required Qualifications:
8 years of experience in software engineering DevOps or DevSecOps roles within enterprise or regulated environments with strong hands-on experience securing CI/CD pipelines and modern application stacks
Practical expertise with cloud platforms such as AWS Azure or Google Cloud including containerization technologies (such as Docker Kubernetes or OpenShift) and infrastructure-as-code tools like Terraform CloudFormation or Pulumi
Strong understanding of application security concepts including OWASP Top 10 secure coding practices and experience with security testing tools such as SAST DAST and SCA platforms
Bachelors degree in Computer Science Engineering Cybersecurity or equivalent practical experience in DevSecOps or security engineering roles
Proven ability to build and maintain internal tooling with experience in scripting languages such as Python Go or similar for automation and platform development
Excellent technical communication skills with the ability to clearly articulate security risks and solutions to engineering teams and business stakeholders
Strong collaboration and influence capabilities with demonstrated success working embedded within engineering teams and driving security adoption without direct authority
Experience with modern development practices including CI/CD pipeline design version control systems like Git and agile development methodologies
Additional Preferred Qualifications:
Advanced DevSecOps platform experience including building or extending internal developer platforms security tooling and experience with SAST/DAST/SCA platforms such as Snyk Checkmarx Veracode or equivalent security testing solutions
Cloud security expertise with experience using cloud security platforms (CSPM CNAPP) secrets management solutions such as HashiCorp Vault or cloud-native services and zero trust or identity-centric security architectures
Financial services or regulated industry experience with knowledge of compliance frameworks audit requirements and experience implementing security controls in highly regulated environments
Professional security certifications such as CISSP CISM CCSP or cloud security certifications including AWS Certified Security Specialty Azure Security Engineer or equivalent industry-recognized credentials
Compensation/Benefits Information:(This section is only applicable to US candidates)
S&P Globalstatesthat theanticipatedbase salary range for this position is $100000 to $130000. Final base salary for this role will be based on the individuals geographic location as well as experience level skill set traininglicensesand certifications.
In addition to base compensation this role is eligible for an annual incentive plan.
This role is eligible to receiveadditionalS&P Global benefits. For more information on thebenefitswe provide to our employees please clickhere.
Whats In It For You
Our Mission:
Advancing Essential Intelligence.
Our People:
Were more than 35000 strong worldwideso were able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. Were committed to a more equitable future and to helping our customers find new sustainable ways of doing business. Join us and help create the critical insights that truly make a difference.
Our Values:
Integrity Discovery Partnership
Throughout our history the worlds leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do bring a spirit of discovery to our work and collaborate in close partnership with each other and our customers to achieve shared goals.
Benefits:
We take care of you so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global.
Our benefits include:
Health & Wellness: Health care coverage designed for the mind and body.
Flexible Downtime: Generous time off helps keep you energized for your time on.
Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
Invest in Your Future: Secure your financial future through competitive pay retirement planning a continuing education program with a company-matched student loan contribution and financial wellness programs.
Family Friendly Perks: Its not just about you. S&P Global has perks for your partners and little ones too with some best-in class benefits for families.
Beyond the Basics: From retail discounts to referral incentive awardssmall perks can make a big difference.
For more information on benefits by country visit: Hiring and Opportunity at S&P Global:
At S&P Global we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills experience and contributions. Our hiring practices emphasize fairness transparency and merit ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration we drive innovation and power global markets.
Recruitment Fraud Alert:
If you receive an email from a domain or any other regionally based domains it is a scam and should be reported to. S&P Global never requires any candidate to pay money for job applications interviews offer letters pre-employment training or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines fraudulent domains and how to report suspicious activityhere.
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity color religion sex sexual orientation gender identity national origin age disability marital status military veteran status unemployment status or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability please send an email to:and your request will be forwarded to the appropriate person.
US Candidates Only:Know Your Rights: Workplace discrimination is illegal
Required Experience:
IC
About Company
We provide Essential Intelligence: a combination of the right data, connected technologies and experts to enable our customers to make decisions with conviction.