Lead Security Engineer

External

Spgi · Gdansk, Poland

Full-timeOn-siteToday

Application SecurityAzureCI/CDComplianceDockerGitLab

Cover Letter Connect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

About the role

Grade Level (for internal use): 12 The Team: Risk & Valuations Services (RVS) is part of S&P Global Market Intelligence, providing critical data, insights, and analytics to diverse customer segments across global financial markets. Our security engineering team operates as a highly collaborative, strategic unit where leaders combine deep offensive security expertise with business acumen to proactively identify and mitigate enterprise-scale risks across our expanding product portfolio. We value innovation, cross-divisional partnership, and the development of security capabilities that enable safe, authorized operations while driving S&P Global's mission to provide essential intelligence for confident decision-making. Responsibilities and Impact: Lead and oversee hands-on application and cloud penetration testing across assigned product portfolios, focusing on real-world exploitability and business risk while directing security engineering strategy for the region Plan, conduct, and supervise red team activities in accordance with approved scope, authorization, and Rules of Engagement defined by Corporate Offensive Security, ensuring team compliance and operational excellence Drive adoption of AI-assisted testing techniques (e.g., intelligent discovery, fuzzing, and analysis) across security teams to improve coverage, efficiency, and testing quality while establishing best practices Engage directly with senior product and engineering leadership to explain attack paths, prioritize findings, and facilitate timely, durable remediation while building organizational security capabilities Establish validation processes for remediation effectiveness, ensuring exploit paths are fully closed and do not regress, while mentoring team members on advanced security assessment techniques Transform findings and remediation efforts into educational programs and strategic guidance to drive stronger proactive security posture in alignment with Corporate and Divisional security teams, contributing to enterprise offensive security standards, playbooks, and threat scenarios while producing executive-level reports that communicate exploitability, impact, and remediation status to senior leadership

Requirements

Basic Required Qualifications:

10+ years of experience in penetration testing, red teaming, application security, or offensive security engineering with demonstrated leadership experience in managing security teams or strategic initiatives

Strong expertise in web, API, and cloud-native security testing across multiple environments, including authentication, authorization, and identity abuse scenarios with ability to architect comprehensive security assessment programs

Experience testing modern architectures including microservices, CI/CD platforms (such as Jenkins, GitLab CI, or Azure DevOps), containerization technologies (such as Docker, Kubernetes, or OpenShift), and SaaS security frameworks

Advanced scripting and development experience in programming languages (such as Python, Go, JavaScript, or similar technologies) to support exploit development, automation, and security tooling at enterprise scale

Deep knowledge of security frameworks including OWASP Top 10, CWE/SANS Top 25, and secure development practices with proven ability to establish governance processes within formal red team programs

Exceptional written and verbal communication skills with demonstrated ability to convey complex security risks to executive leadership, technical teams, and business stakeholders across all organizational levels

Additional Preferred Qualifications:

Advanced offensive security certifications (such as OSCP, OSCE, GXPN, CRTO) or equivalent professional experience demonstrating mastery in penetration testing and red team leadership

Experience testing AI-enabled or agentic systems with ability to develop security assessment frameworks for emerging technologies and guide organizational adoption strategies

Proven experience with threat modeling and secure architecture review including ability to influence enterprise security architecture decisions and mentor teams on advanced security design principles

Demonstrated success in building and scaling security programs across multiple business units or geographic regions with experience driving organizational security culture transformation

About S&P Global Market Intelligence

For more information, visit www.spglobal.com/marketintelligence .

What's In It For You?

Our Mission:

Advancing Essential Intelligence.

Our People:

We're more than 35,000 strong worldwide-so we're able to understand nuances while having a

Lead Security Engineer

About the role

Requirements

Benefits

Your Match

Company Intel

What employees say

Interested in this role?