Security Engineer - Team Lead

US - MA - CAMBRIDGE 44-48 BRATTLE ST

S&P Global

We provide Essential Intelligence: a combination of the right data, connected technologies and experts to enable our customers to make decisions with conviction.

View all jobs at S&P Global

Apply now Apply later

About the Role:

Grade Level (for internal use):

03

As a security-focused software engineer at Kensho, you are a thoughtful, collaborative, and seasoned technologist who will be working closely with the Infrastructure team to ensure security across a number of systems and web applications. You will help us protect network boundaries, keep systems and network devices against attacks and provide security frameworks and processes to protect confidential data like passwords and client information.

At Kensho, we hire talented people and give them the freedom, support, and resources needed to accomplish our shared goals. We believe in flexibility-first and give our employees the opportunity to work from where they feel most productive and engaged (must be in the United States). We also value in-person collaboration, so there may be times when travel to one of our Kensho hubs (e.g., Cambridge, MA or NYC) will be required for team meetings or company events.

Kensho states that the anticipated base salary range for the position is 170k - 200k. In addition, this role is eligible for an annual incentive bonus and equity plans. At Kensho, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case.

What You’ll Do:

  • Implement security frameworks to ensure Kensho maintains a security envelope aligned with S&P Global standards
  • Developing and updating security plans: Planning and managing security projects and initiatives
  • Emergency response: Demonstrating excellent surveillance and emergency response skills
  • Identifying and mitigating security vulnerabilities: Perform static and dynamic vulnerability assessments and incorporate tools in the SDLC using commercial and open source tools
  • Implementing de-escalation techniques: Prioritizing training in de-escalation techniques to effectively deal with conflicts
  • People manager and prioritization of security backlog: lead and work alongside a team of 2-5 security engineers who are passionate about cutting edge advancements in technology
  • Maintain a GenAI security posture: Help establish and enable a GenAI security posture at an enterprise scale and have complete oversight of the AI Accelerator Security
  • Risk assessment and management: Spotting risky behaviors and configurations in critical infrastructure components to stop network intrusions and preempt cyberattacks
  • Auditing policies and controls continuously: Driving the cybersecurity process forward by regularly auditing the policies and controls in place
  • Building a vulnerability management program: Ensuring that people in the organization continuously check for known vulnerabilities and take appropriate steps to remediate them
  • Design and implement security controls and processes across Kensho and provide monitoring to ensure compliance
  • Analyze and recommend security practices and tools for engineering teams to incorporate into the software development lifecycle
  • Execute security architecture reviews for e2e application frameworks
  • Monitor Cloud Security Posture Management (CSPM) tools and work with Infrastructure teams to achieve compliance
  • Support SIEM integration for the security stack

What You'll Need:

  • Five or more years of experience as a security engineer
  • Experience securing modern web applications and distributed data infrastructure in a cross-team setting
  • Strong understanding of cryptography and current best practices
  • Experience with penetration testing tools, techniques and methodologies and understanding of common vulnerabilities and remediation strategies
  • Three or more years experience writing code in Python, Javascript, Java, or Go
  • Prior experience working with enterprise security technologies such as WAF, CSPM, SAST and DAST
  • Ability to apply risk management tools and methodologies
  • Experience conducting or facilitating IT security audits
  • Familiarity with security models for cloud providers such as AWS, Azure and GCP
  • Familiarity with core networking concepts and standard protocols such as TCP, UDP, and HTTP

Technologies & Tools We Use:

  • Python, Linux, Docker, Kubernetes, Git, Jenkins, Terraform, Jsonnet, Kafka, ElasticSearch

What’s In It For You?

Our Purpose:

Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world.

Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress.


Our People:

We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.

From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference.

Our Values:
 

Integrity, Discovery, Partnership


At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.

Benefits:

We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global.

Our benefits include: 

  • Health & Wellness: Health care coverage designed for the mind and body.

  • Flexible Downtime: Generous time off helps keep you energized for your time on.

  • Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.

  • Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.

  • Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.

  • Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.

For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries

Diversity, Equity, and Inclusion at S&P Global:
At S&P Global, we believe diversity fuels creative insights, equity unlocks opportunity, and inclusion drives growth and innovation – Powering Global Markets. Our commitment centers on our global workforce, ensuring that our people are empowered to bring their whole selves to work. It doesn’t stop there, we strive to better reflect and serve the communities in which we live and work, and advocate for greater opportunity for all.

-----------------------------------------------------------

Equal Opportunity Employer

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.  Only electronic job submissions will be considered for employment.  

 

If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.  
 
US Candidates Only:  The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. 

-----------------------------------------------------------

20 - Professional (EEO-2 Job Categories-United States of America), BSMGMT203 - Entry Professional (EEO Job Group)
Apply now Apply later
Job stats:  5  1  0

Tags: Audits AWS Azure Cloud Compliance Cryptography CSPM DAST Docker Elasticsearch GCP Generative AI Java JavaScript Jenkins Kafka Kubernetes Linux Monitoring Open Source Pentesting Python Risk assessment Risk management SAST SDLC SIEM Surveillance Terraform Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Flex vacation Health care Salary bonus Team events Wellness

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.