About the Role:

Grade Level (for internal use):

12

The Team:

Risk & Valuations Services (RVS) is part of S&P Global Market Intelligence, providing critical data, insights, and analytics to diverse customer segments across global financial markets. Our security engineering team operates as a highly collaborative, strategic unit where leaders combine deep offensive security expertise with business acumen to proactively identify and mitigate enterprise-scale risks across our expanding product portfolio. We value innovation, cross-divisional partnership, and the development of security capabilities that enable safe, authorized operations while driving S&P Global's mission to provide essential intelligence for confident decision-making.

Responsibilities and Impact:

• Lead and oversee hands-on application and cloud penetration testing across assigned product portfolios, focusing on real-world exploitability and business risk while directing security engineering strategy for the region

• Plan, conduct, and supervise red team activities in accordance with approved scope, authorization, and Rules of Engagement defined by Corporate Offensive Security, ensuring team compliance and operational excellence

• Drive adoption of AI-assisted testing techniques (e.g., intelligent discovery, fuzzing, and analysis) across security teams to improve coverage, efficiency, and testing quality while establishing best practices

• Engage directly with senior product and engineering leadership to explain attack paths, prioritize findings, and facilitate timely, durable remediation while building organizational security capabilities

• Establish validation processes for remediation effectiveness, ensuring exploit paths are fully closed and do not regress, while mentoring team members on advanced security assessment techniques

• Transform findings and remediation efforts into educational programs and strategic guidance to drive stronger proactive security posture in alignment with Corporate and Divisional security teams, contributing to enterprise offensive security standards, playbooks, and threat scenarios while producing executive-level reports that communicate exploitability, impact, and remediation status to senior leadership

What We're Looking For:

Basic Required Qualifications:

• 10+ years of experience in penetration testing, red teaming, application security, or offensive security engineering with demonstrated leadership experience in managing security teams or strategic initiatives

• Strong expertise in web, API, and cloud-native security testing across multiple environments, including authentication, authorization, and identity abuse scenarios with ability to architect comprehensive security assessment programs

• Experience testing modern architectures including microservices, CI/CD platforms (such as Jenkins, GitLab CI, or Azure DevOps), containerization technologies (such as Docker, Kubernetes, or OpenShift), and SaaS security frameworks

• Advanced scripting and development experience in programming languages (such as Python, Go, JavaScript, or similar technologies) to support exploit development, automation, and security tooling at enterprise scale

• Deep knowledge of security frameworks including OWASP Top 10, CWE/SANS Top 25, and secure development practices with proven ability to establish governance processes within formal red team programs

• Exceptional written and verbal communication skills with demonstrated ability to convey complex security risks to executive leadership, technical teams, and business stakeholders across all organizational levels

Additional Preferred Qualifications:

• Advanced offensive security certifications (such as OSCP, OSCE, GXPN, CRTO) or equivalent professional experience demonstrating mastery in penetration testing and red team leadership

• Experience testing AI-enabled or agentic systems with ability to develop security assessment frameworks for emerging technologies and guide organizational adoption strategies

• Proven experience with threat modeling and secure architecture review including ability to influence enterprise security architecture decisions and mentor teams on advanced security design principles

• Demonstrated success in building and scaling security programs across multiple business units or geographic regions with experience driving organizational security culture transformation

About S&P Global Market Intelligence

At S&P Global Market Intelligence, a division of S&P Global we understand the importance of accurate, deep and insightful information. Our team of experts delivers unrivaled insights and leading data and technology solutions, partnering with customers to expand their perspective, operate with confidence, and make decisions with conviction.

For more information, visit www.spglobal.com/marketintelligence.

What’s In It For You?

Our Mission:

Advancing Essential Intelligence.

Our People:

We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all.From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. Join us and help create the critical insights that truly make a difference.

Our Values:

Integrity, Discovery, Partnership

Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.

Benefits:

We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global.

Our benefits include: 

• Health & Wellness: Health care coverage designed for the mind and body.

• Flexible Downtime: Generous time off helps keep you energized for your time on.

• Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.

• Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.

• Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.

• Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.

For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries

Global Hiring and Opportunity at S&P Global:

At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets.

Recruitment Fraud Alert:

If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here.

-----------------------------------------------------------

Equal Opportunity Employer

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.  Only electronic job submissions will be considered for employment.  

 

If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.  
 
US Candidates Only: Know Your Rights: Workplace discrimination is illegal

-----------------------------------------------------------

20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.2 - Middle Professional Tier II (EEO Job Group), SWP Priority – Ratings - (Strategic Workforce Planning)