Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
S&P Global

Lead Penetration Test Engineer

S&P Global

Lead Penetration Test Engineer focusing on information security at S&P Global. Conducting comprehensive penetration tests and vulnerability assessments to safeguard systems and data.

Posted 7/6/2026full-timeDallas • Colorado, New Jersey, Texas • 🇺🇸 United StatesSenior💰 $135,000 - $200,000 per yearWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates expertise in penetration testing, application security, and vulnerability management, with a strong ability to develop custom tools and methodologies for security assessments. Proficient in translating complex technical findings into actionable insights for diverse stakeholders.

Highest-signal resume keywords
Penetration TestingApplication SecurityVulnerability ManagementSecurity AssessmentsOffensive Security Certification

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
Penetration TestingVulnerability IdentificationScriptingCloud Security TechniquesSecurity Assessment Tools
Soft Skills
CommunicationCollaborationAnalytical Thinking
Tools & Technologies
Burp SuiteNessusMetasploitNmapCI/CD Pipelines
Certifications & Qualifications
OSCPOSCE3OSEPGXPNGPEN
Industry Keywords
OWASP Top 10MITRE ATT&CKCVECVSSCWE

Tech Stack

Tools & technologies
CloudGoJavaScriptPythonSQL

About the role

Key responsibilities & impact
  • Conduct comprehensive penetration testing of web applications, infrastructure, and cloud environments using both manual and automated techniques.
  • Develop custom scripts, tools, and methodologies to enhance penetration testing capabilities and automate security testing within CI/CD pipelines.
  • Apply cloud‑specific offensive techniques, including IAM abuse, container and serverless exploitation, and cloud misconfiguration testing.
  • Collaborate with engineering and development teams to analyze vulnerabilities, develop remediation plans, and strengthen application security across development and production lifecycles.
  • Perform detailed security assessments using DAST, SAST, and SCA tools to ensure continuous validation and improvement of security controls.
  • Lead and participate in attack simulations and tabletop exercises to validate security controls and improve organizational response capabilities.
  • Research emerging threats, attack vectors, and adversarial techniques to inform offensive and defensive strategies.
  • Communicate and present penetration testing and security assessment findings to both technical and non‑technical stakeholders.

Requirements

What you’ll need
  • Bachelor’s degree in Computer Science, Information Systems, or a related field, or equivalent experience.
  • Minimum 8 years of experience in information security with a strong focus on penetration testing, application security, and vulnerability management.
  • Hands-on experience with penetration testing tools (e.g., Burp Suite, Nessus, Metasploit, Nmap) and methodologies (e.g., OWASP Top 10, MITRE ATT&CK, PTES).
  • Expertise in identifying and exploiting common infrastructure and web application vulnerabilities (e.g., XSS, SQL Injection, IDOR).
  • Familiarity with vulnerability classification and scoring frameworks (CVE, CVSS, CWE).
  • Strong scripting or programming skills (e.g., Bash, Python, Go, PowerShell, JavaScript).
  • Experience performing security assessments (DAST, SAST, SCA, credential scanning) and integrating security testing into CI/CD pipelines.
  • Ability to translate complex technical findings into clear, actionable reports and confidently brief cross-functional teams and executives.
  • At least one recognized offensive security certification (OSCP, OSCE3, OSEP, GXPN, GPEN, or CREST CRT/CCT).

Benefits

Comp & perks
  • Health & Wellness: Health care coverage designed for the mind and body.
  • Flexible Downtime: Generous time off helps keep you energized for your time on.
  • Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
  • Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
  • Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
  • Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.