Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
S&P Global

Lead InfoSec Engineer, DevSecOps

S&P Global

Lead DevSecOps Engineer at S&P Global embedding security in cloud-native applications and CI/CD pipelines. Drive cloud-native security architecture while mentoring engineering teams.

Posted 7/16/2026full-timeNew York City • New York • 🇺🇸 United StatesSenior💰 $100,000 - $130,000 per yearWebsite

Core Competencies

Role fit
Core Competencies

Use this summary to align your resume positioning with the role.

Demonstrates expertise in embedding automated security controls within CI/CD pipelines and driving cloud-native security architecture across AWS and Azure environments. Proficient in application security concepts and building internal DevSecOps tooling to enhance security practices across engineering teams.

Highest-signal resume keywords
CI/CD Pipeline SecurityCloud Security ArchitectureApplication Security ConceptsDevSecOps Tooling DevelopmentTechnical Communication

ATS Keywords

Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills
DevSecOpsApplication SecurityInfrastructure-as-CodeSASTDASTSCAContainerizationPythonTerraformKubernetes
Soft Skills
CollaborationInfluenceMentorshipTechnical Communication
Tools & Technologies
AWSAzureGoogle CloudDockerCloudFormationPulumiGit
Industry Keywords
Regulated EnvironmentsSecurity TestingAgile DevelopmentVersion Control SystemsOWASP Top 10

Tech Stack

Tools & technologies
AWSAzureCloudCyber SecurityDockerGoKubernetesOpenShiftPythonTerraform

About the role

Key responsibilities & impact
  • Embed automated security controls into CI/CD pipelines across build, test, and release stages, designing risk-based security gates and integrating comprehensive security testing (SAST, DAST, SCA, container scanning) to enable secure-by-default development
  • Build and maintain internal DevSecOps tooling and platform extensions that scale across enterprise engineering teams, including reusable pipeline libraries, security plugins, and automation frameworks integrated into shared developer platforms
  • Champion developer-first security experiences by designing "paved road" security patterns, self-service tooling, and standardized integrations that reduce friction while maintaining strong security posture
  • Drive cloud-native security architecture across AWS and Azure environments, implementing security controls for Kubernetes, containerized workloads, and infrastructure-as-code using modern security frameworks
  • Evaluate and integrate best-of-breed security tools aligned to application, pipeline, container, and cloud security needs, driving standardization and consolidation to reduce complexity while improving effectiveness
  • Support continuous compliance and governance by translating regulatory requirements into automated engineering controls, enabling audit readiness through automated evidence collection and control mapping
  • Provide technical leadership and mentorship to engineering teams as an embedded security subject matter expert, influencing design decisions and raising overall DevSecOps maturity across the organization
  • Lead vulnerability management and remediation across application, pipeline, and cloud environments while participating in threat modeling and architecture reviews to ensure security is embedded at the design level.

Requirements

What you’ll need
  • 8+ years of experience in software engineering, DevOps, or DevSecOps roles within enterprise or regulated environments with strong hands-on experience securing CI/CD pipelines and modern application stacks
  • Practical expertise with cloud platforms such as AWS, Azure, or Google Cloud, including containerization technologies (such as Docker, Kubernetes, or OpenShift) and infrastructure-as-code tools like Terraform, CloudFormation, or Pulumi
  • Strong understanding of application security concepts including OWASP Top 10, secure coding practices, and experience with security testing tools such as SAST, DAST, and SCA platforms
  • Bachelor's degree in Computer Science, Engineering, Cybersecurity or equivalent practical experience in DevSecOps or security engineering roles
  • Proven ability to build and maintain internal tooling with experience in scripting languages such as Python, Go, or similar for automation and platform development
  • Excellent technical communication skills with the ability to clearly articulate security risks and solutions to engineering teams and business stakeholders
  • Strong collaboration and influence capabilities with demonstrated success working embedded within engineering teams and driving security adoption without direct authority
  • Experience with modern development practices including CI/CD pipeline design, version control systems like Git, and agile development methodologies.

Benefits

Comp & perks
  • Health & Wellness: Health care coverage designed for the mind and body.
  • Flexible Downtime: Generous time off helps keep you energized for your time on.
  • Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
  • Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
  • Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
  • Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.