S&P Global

Associate Director – Lead Application Security

full-time

Posted on:

Location Type: Office

Location: Noida • 🇮🇳 India

Job Level

Senior

Tech Stack

Go, Jenkins, Python, SDLC, TypeScript

About the role

  • Own the end-to-end AppSec program — from secure SDLC to runtime protection — and align it with business velocity and risk appetite.
  • Institutionalize systematic threat modeling across all product teams; personally lead modeling for flagship AI products and high-risk features.
  • Author, maintain, and evangelize production-grade secure coding guidelines, libraries, and reference architectures (API security, authentication, input validation, LLM-specific risks, etc.).
  • Select, deploy, and continuously improve the AppSec toolchain (SAST, DAST, SCA, IAST, runtime protection, secret scanning, etc.) deeply integrated into CI/CD pipelines.
  • Plan and execute advanced application pen tests; scope and oversee external red team engagements focused on business logic, AI-specific attacks, and prompt injection.
  • Serve as the primary AppSec escalation point during security incidents affecting applications.
  • Hire, grow, and lead a high-performing application security team; mentor engineers organization-wide on secure development practices.
  • Drive alignment with OWASP ASVS, OWASP Top 10 (including LLM Top 10), NIST SSDF, and emerging AI security regulations.

Requirements

  • 10+ years of hands-on application security experience in fast-paced product environments.
  • Proven track record of building and leading AppSec programs at scale (SaaS, consumer, or AI companies strongly preferred).
  • Expert-level knowledge of web, mobile, and API security; deep understanding of modern authentication/authorization (OAuth 2.1, OIDC, JWT, mTLS, SPIFFE).
  • Strong coding/scripting skills (Python, Go, TypeScript, or similar) with experience writing or auditing production code.
  • Extensive experience integrating and tuning AppSec tools in CI/CD (GitHub Actions, GitLab, Jenkins, etc.).
  • Demonstrated ability to influence engineering culture without gatekeeping velocity.
  • Relevant certifications preferred: OSCP, CASE, CISSP-ISSAP, CSSLP, or equivalent.

Benefits

  • Health & Wellness: Health care coverage designed for the mind and body.
  • Flexible Downtime: Generous time off helps keep you energized for your time on.
  • Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
  • Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
  • Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
  • Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

application security; secure SDLC; threat modeling; secure coding guidelines; API security; authentication; input validation; pen testing; coding/scripting (Python, Go, TypeScript); web, mobile, and API security

Soft skills

leadership; mentoring; influencing engineering culture; team building; communication

Certifications

OSCP; CASE; CISSP-ISSAP; CSSLP