Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
S&P Global

DevSecOps Architect – CI/CD, Application Security

S&P Global

DevSecOps Engineer embedding application and cloud security in CI/CD workflows for S&P Global. Focused on implementing security guardrails and integrating security into developer practices.

Posted 5/25/2026full-timePrinceton • New Jersey, New York • 🇺🇸 United StatesMid-LevelSenior💰 $125,000 - $165,000 per yearWebsite

Tech Stack

Tools & technologies
AWSAzureCloudCyber SecurityGoGoogle Cloud PlatformJavaJenkinsPythonSDLC

About the role

Key responsibilities & impact
  • Design, implement, and operate application security controls integrated into CI/CD pipelines, ensuring secure software delivery by default.
  • Embed automated AppSec checks across code, dependencies, builds, and deployment workflows aligned with shift‑left principles.
  • Define and maintain secure CI/CD reference architectures and patterns for enterprise cloud-native applications.
  • Partner with engineering teams to integrate security seamlessly into developer workflows, minimizing friction and manual intervention.
  • Develop reusable pipeline templates, policy controls, and automation to scale AppSec and DevSecOps practices across teams.
  • Secure pipeline infrastructure and credentials, protecting against build manipulation, secret leakage, and provenance risks.
  • Integrate CI/CD security findings with broader application and cloud security monitoring workflows.
  • Investigate and respond to application and pipeline-related security findings, partnering with Security Operations as required.
  • Contribute to cloud security posture by aligning pipeline and application controls with cloud security best practices.
  • Embed security controls for AI/ML and GenAI workloads within CI/CD pipelines and developer workflows.
  • Define and enforce secure usage patterns for LLMs and AI services, including prompt handling, data protection, and model access controls.
  • Implement safeguards against AI-specific threats, including prompt injection, model poisoning, data leakage, and insecure model outputs.
  • Integrate AI security scanning and validation into build pipelines, ensuring safe model usage and dependency integrity.
  • Collaborate with engineering teams to establish secure-by-design AI application architectures.
  • Ensure compliance with enterprise Responsible AI policies (data privacy, bias management, model governance).
  • Secure AI-related secrets, tokens, and API access used in pipelines and applications.
  • Monitor and respond to security risks introduced by AI/ML components, including third-party models and APIs.
  • Contribute to AI risk governance, auditability, and traceability across the SDLC.
  • Stay current on emerging AI security threats, vulnerabilities, and regulatory expectations.
  • Author documentation, standards, and training to drive developer adoption of secure CI/CD and AppSec practices.
  • Continuously evaluate emerging application security and software supply chain threats and improve controls accordingly.

Requirements

What you’ll need
  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
  • 3–6 years of experience in DevSecOps, Application Security, or Platform Security roles.
  • Strong hands-on experience securing CI/CD pipelines using GitHub, Jenkins, and Azure DevOps.
  • Solid understanding of application security concepts (secure coding, dependency risk, pipeline hardening, secrets management).
  • Foundational understanding of AI/ML and Generative AI concepts, including LLMs and model lifecycle.
  • Knowledge of AI/ML security risks such as prompt injection, data poisoning, model evasion, and data leakage.
  • Experience integrating AI or ML components into applications or pipelines (preferred hands-on exposure).
  • Familiarity with Responsible AI principles and AI governance frameworks.
  • Experience implementing shift‑left AppSec controls in modern SDLCs.
  • Experience working in cloud environments (Azure, AWS, or GCP).
  • Proficiency with scripting or programming languages (Python, Go, Java, etc.).
  • Familiarity with containerized build and deployment models.
  • Strong understanding of software supply chain security risks.

Benefits

Comp & perks
  • Health & Wellness: Health care coverage designed for the mind and body.
  • Flexible Downtime: Generous time off helps keep you energized for your time on.
  • Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
  • Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
  • Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
  • Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
CI/CDDevSecOpsApplication SecurityAI/MLGenerative AIsecure codingdependency riskpipeline hardeningsecrets managementscripting
Soft Skills
collaborationcommunicationproblem-solvingdocumentationtraining
Certifications
Bachelor’s degree in Computer ScienceBachelor’s degree in CybersecurityBachelor’s degree in Engineering