Application Security Engineer

S&P Global
in Beijing, Beijing Shi, China
Permanent, Full time
Job Description:
Seeking a motivated and collaborative application security lead to help us implement a secure development lifecycle program. The person in this role will also lead in building the application, deployment, and operations of all of our systems. This role requires interpersonal skills as well as a deep and broad understanding of S&P's overall business strategy, overall architecture and products. The lead must be technical and collaborative, with an ability to influence Architects & Developers to build security into the Software Development Lifecycle.

Primary Responsibilities
  • Refine and drive widespread adoption of our secure development lifecycle process
  • Build partnerships with other development teams and be a source of expertise in security best practices
  • Architect tooling solutions, evaluate them, and deploy them in the environment
  • Develop and deliver engaging and memorable security trainings
  • Lead enterprise-wide penetration tests
  • Provide detailed guidance and support to teams in application vulnerability remediation
  • Build out secure APIs by partnering with developers, and make sure their utilization is baked into the development cadence
  • Provide application security guidance on cloud environments as well as non-cloud environments
  • Communicate relevant metrics and trends to the technology leadership team
  • Ensure stakeholder satisfaction
  • Code and automate deployment of various tools in CI/CD using Ansible

  • Generalists who love learning new things and concocting creative security solutions for novel and risky functionality
  • 4+ years of prior team lead or people management experience
  • 2+ years of experience in some combination of the following disciplines: web application security, cloud security, infrastructure security, penetration testing, secure software development, security tools development, architecture review and threat modeling
  • 1+ years of experience in conducting mobile pentests & assessments
  • Experience with AWS, Java, Python, Ruby, and other modern open source languages and tools
  • Experience with static code analysis tools (Fortify)
  • Experience with dynamic analysis tools (WebInspect)
  • Experience with Software Composition Analysis (WhiteSource)
  • Experience using Xcode, MobSF, Charles, Genymotion & other mobile pen testing tools
  • Deep understanding of common web application attacks