Information Security Analyst
S&P Global
Cyber Security Analyst focusing on securing applications and software supply chains. Involves hands-on security assessments and collaboration across development teams.
Tech Stack
Tools & technologies: AWS, Azure, Cloud, Cyber Security, Docker, Google Cloud Platform, Python, SDLC
About the role
Key responsibilities & impact
- Perform hands-on Application Security assessments including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and manual code reviews.
- Identify, analyze, and remediate vulnerabilities in web, mobile, and API applications (OWASP Top 10, API Security, etc.).
- Lead and support Software Supply Chain Security initiatives:
  - Dependency vulnerability management
  - SBOM (Software Bill of Materials) generation and analysis
  - Secure CI/CD pipeline security
  - Code signing, artifact repository security, and open-source risk assessment
- Conduct threat modeling for applications and integration points.
- Review and secure build pipelines, container images, and third-party libraries.
- Work closely with development, DevOps, and infrastructure teams to embed security into the SDLC.
- Monitor and triage security findings from various AppSec tools.
- Support Cloud Security posture reviews (basic knowledge required) – IAM, network security, and cloud misconfigurations.
- Prepare clear security reports, risk assessments, and remediation guidance for stakeholders.
- Stay updated with emerging threats in application security and software supply chain attacks (e.g., SolarWinds, Log4j, dependency confusion).
Requirements
What you’ll need
- 1-3 years of experience in Cybersecurity with strong hands-on exposure in Application Security.
- Practical experience in Software Supply Chain Security (SCA tools, dependency analysis, SBOM) is highly preferred.
- Basic to working knowledge of Cloud Security (AWS, Azure, or GCP).
- Proficiency with AppSec tools:
  - SAST: SonarQube, Semgrep, Fortify, Checkmarx
  - DAST: OWASP ZAP, Burp Suite
  - SCA: Snyk, Black Duck, Dependabot, Trivy
  - Others: GitHub Advanced Security, GitLab Ultimate, etc.
- Good understanding of OWASP Top 10, CWE, CVE, and secure coding practices.
- Experience with Docker/container security and CI/CD pipeline security.
- Familiarity with SBOM formats (CycloneDX, SPDX).
- Basic knowledge of cloud platforms and services (IAM, Security Groups, CloudTrail, Security Hub, etc.).
- Basic scripting skills (Python or Bash) – added advantage.
Benefits
Comp & perks
- Health & Wellness: Health care coverage designed for the mind and body.
- Flexible Downtime: Generous time off helps keep you energized for your time on.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
- Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.
ATS Keywords
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Application Security, Static Application Security Testing, Dynamic Application Security Testing, Software Composition Analysis, vulnerability management, threat modeling, secure coding practices, scripting, Docker security, CI/CD pipeline security
Soft Skills
communication, leadership, analytical thinking, problem-solving, collaboration