Key skills
AWSAzureCloudCyber SecurityDockerGoogle Cloud PlatformPythonSDLCBashGCPGoogle CloudIAMGitHubGitLabCI/CDSnykTrivySonarQubeCheckmarxOWASPNetwork SecurityCloud Security
About this role
Role Overview
- Perform hands-on Application Security assessments including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and manual code reviews.
- Identify, analyze, and remediate vulnerabilities in web, mobile, and API applications (OWASP Top 10, API Security, etc.).
- Lead and support Software Supply Chain Security initiatives: Dependency vulnerability management, SBOM (Software Bill of Materials) generation and analysis.
- Conduct threat modeling for applications and integration points.
- Review and secure build pipelines, container images, and third-party libraries.
- Work closely with development, DevOps, and infrastructure teams to embed security into the SDLC.
- Monitor and triage security findings from various AppSec tools.
- Support Cloud Security posture reviews (basic knowledge required) – IAM, network security, and cloud misconfigurations.
- Prepare clear security reports, risk assessments, and remediation guidance for stakeholders.
- Stay updated with emerging threats in application security and software supply chain attacks (e.g., SolarWinds, Log4j, dependency confusion).
Requirements
- 1-3 years of experience in Cybersecurity with strong hands-on exposure in Application Security.
- Practical experience in Software Supply Chain Security (SCA tools, dependency analysis, SBOM) is highly preferred.
- Basic to working knowledge of Cloud Security (AWS, Azure, or GCP).
- Proficiency with AppSec tools: SAST: SonarQube, Semgrep, Fortify, Checkmarx
- DAST: OWASP ZAP, Burp Suite
- SCA: Snyk, Black Duck, Dependabot, Trivy
- Others: GitHub Advanced Security, GitLab Ultimate, etc.
- Good understanding of OWASP Top 10, CWE, CVE, and secure coding practices.
- Experience with Docker/container security and CI/CD pipeline security.
- Familiarity with SBOM formats (CycloneDX, SPDX).
- Basic knowledge of cloud platforms and services (IAM, Security Groups, CloudTrail, Security Hub, etc.).
- Basic scripting skills (Python or Bash) – added advantage.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Docker
- Google Cloud Platform
- Python
- SDLC
Benefits
- Health & Wellness: Health care coverage designed for the mind and body.
- Flexible Downtime: Generous time off helps keep you energized for your time on.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
- Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.