Information Security Analyst, Application Security

  • Competitive
  • New York, NY, USA
  • Permanent, Full time
  • S&P Global
  • 15 Dec 18

Job Description:
The Role: Information Security Anal

The Location: New York, NY or Princeton, NJ

The Impact: As a Security Analyst, you will be part of the Digital Infrastructure Cyber Security team that develops and oversees the company's security program, ensuring the company is protected from existing and emerging threats. Working with the various teams, the Security Engineer will assess threats to the environment, research new vulnerability disclosures, and present plans of action to mitigate and address these issues.

What's in it for you: Working at S&P Global Inc. is an opportunity to thrive - a place to develop your career to the fullest while engaging in meaningful work that makes a positive impact around the globe. You will be proud to work for a company with a strong history of ethics and a purpose of nourishing people. We offer a diverse, supportive environment where you will grow personally and professionally as you learn from some of the most talented people in your field.


  • Use your knowledge to identify control weaknesses, assess the effectiveness of existing controls, and recommend remedial action
  • Demonstrate working knowledge of threat modeling
  • Utilize in-depth understanding of software development lifecycles and CI/CD pipelines
  • Demonstrate strong technical understanding and knowledge of cloud, mobile and web software technologies comprised in large enterprise and commercial IT environments
  • Demonstrate broad knowledge and understanding of the inherent strengths and weaknesses of .NET, Java, C# and Objective-C language technologies, commonly used scripting languages, and PaaS/SaaS cloud services
  • Knowledge of industry-standard tools such as Fortify, Veracode and Checkmarx to run static scans, analyze the false positives, and deliver the reports to stakeholders
  • Knowledge of tools like WebInspect and Burp to run dynamic scans, analyze the false positives, and deliver the reports
  • Proven expertise in running vulnerability review calls with the development team and helping them fix the issues identified
  • Work with development teams and business by training them to enable self-service scanning initiatives

What We're Looking For:

Basic Qualifications:
  • Bachelor's degree or equivalent years of industry experience
  • At least 1+ years' experience in application security lifecycle management
  • At least 2+ years' experience in administration and code review with any of the following: HP Fortify or Fortify On-Demand, Fortify WebInspect, Veracode SAST/DAST/SCA, Coverity SCA, Synopsys SCA, Rapid7, IBM AppScan, Checkmarx, Black Duck, WhiteSource, as well as application penetration testing

Preferred Qualifications:
  • Certifications/Licensure: Any of the following are preferred: GPEN, OSCP

About Company:
At S&P Global, we don't give you intelligence-we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We're the world's foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Platts. For more information, visit

To all recruitment agencies: S&P Global does not accept unsolicited agency resumes. Please do not forward such resumes to any S&P Global employee, office location or website. S&P Global will not be responsible for any fees related to such resumes.

S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: and your request will be forwarded to the appropriate person.
The EEO is the Law

Poster describes discrimination protections under federal law.