Job Description

S&P Global Corporate

The Role : Penetration Test Analyst

The Team : The Application and Infrastructure security team is responsible to protect applications & product within the company which are built to empower the markets, the responsibility includes the team to protect from bad actors & making sure security hygiene is encompassed in the software development.

The Impact : This role would be responsible for running application and network penetration tests, resource would also be responsible for working with developers to remediate the findings, provide fix recommendations, train the developers to implement secure coding practices, Code and Automate deployment of various tools in CI/CD.

What\xe2\x80\x99s in it for you : S&P\xe2\x80\x99s environment gives a greater exposure to cutting edge technologies which the applicant could benefit for career progression the work environment is very flexible. The person in this role will also lead in securely building the application, deployment, and operations of all of our systems.

Responsibilities :
Execute the pen testing efforts on a periodic basis to satisfy the legal and compliance requirements.

Coordinate the enterprise-wide penetration tests

Build partnerships with development teams, be a source of expertise in security best practices

Develop and deliver engaging and memorable security trainings

Provide detailed guidance and support to teams in vulnerability remediation

Build out secure API\xe2\x80\x99s by partnering with developers and make sure the utilization is baked into development cadence

Provide security guidance on cloud environments as well as non-cloud environments

Communicate relevant metrics and trends to the technology leadership team.

Ensure stakeholder satisfaction

What We\xe2\x80\x99re Looking For :
5+ years of Experience in Penetration testing

Experience working with at least one scripting languages such as Python, Ruby, Bash, Javascript, etc.

Excellent language skills and ability communicate complex vulnerabilities to internal teams

Demonstrate critical thinking

Experience & ability to run pentest on web application, mobile applications (IOS & Android), thick client applications

Perform Code reviews as part of whitebox pentest

Training & Empowering Developers on Security principles & coding practices

Define a formal pentest process

Do Vulnerability Research & Discovery.

Well versed with OWASP Web and Mobile Testing Frameworks

Certifications such as GPEN, GXPN, GMOB, GWAPT, OSCP, OSWE, OSCE, OSWP, AWS, CNCF (not mandatory)

Spending time practicing skills on platforms such Hack the Box, Pentester Lab, Vulnhub, etc. and participating in CTF competitions (preferred but not mandatory)

Bug Bounty experience on platforms like HackerOne, Bugcrowd, YesWeHack etc., would be an added advantage

Good to have working knowledge on the below Tools/Platforms:
HP Webinspect

HP Fortify

Kali Linux

Burp suite pro

Azure Devops

Jenkins

Whitesource

Return to Work : Have you taken time out for caring responsibilities and are now looking to return to work? As part of our Return to Work initiative (link to career site page when available), we are encouraging enthusiastic and talented returners to apply, and will actively support your return to the workplace.

Grade/Level : 9

The Location : Gurgaon, Hyderabad

About Company Statement: S&P Global delivers essential intelligence that powers decision making. We provide the world\xe2\x80\x99s leading organizations with the right data, connected technologies and expertise they need to move ahead. As part of our team, you\xe2\x80\x99ll help solve complex challenges that equip businesses, governments and individuals with the knowledge to adapt to a changing economic landscape.

-----------------------------------------------------------

Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.

----------------------------------------------------------- 20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.1 - Middle Professional Tier I (EEO Job Group)

Job ID: 279741
Posted On: 2023-02-20
Location: Noida, Uttar Pradesh, India