S&P Global Director, Infrastructure Vulnerability Remediation in Virtual, New York

The Team:

The Compute and Cloud Operations team is responsible to develop infrastructure architecture and standards for deployments in SPGlobal data centers as well as public Cloud in collaboration with the SPGlobal business and service providers to ensure the delivery of services is predictable and of high quality at the right cost. In addition, the team is responsible to eliminate vulnerabilities in the environment from infrastructure as well as leading the planning and execution of remediation of vulnerabilities in business applications. The team is also responsible to ensure public cloud operations delivers on a predictable, scalable, secure and easy to use environment.

The Impact:

The Director of Vulnerability Remediation is a critical role responsible for the remediation of vulnerabilities in infrastructure and business applications in SPGlobal on-premises, private cloud and public cloud environments.

What s in it for you:

This role presents a unique opportunity to drive infrastructure vulnerability remediation for the entire company across all divisions. This role offers the right candidate a ground floor opportunity to build new systems and deliver new technology to modernize the company s environment as part of the vulnerability remediation objective. It also provides the opportunity to work with application development groups to secure business applications and play a very influential role on private - public cloud application deployment.


  • The measurable reduction - elimination of infrastructure vulnerabilities in the environment

    • The development of a strategy and actionable plan for vulnerability remediation

    • Serves as a senior most technical member of the Technology organization, providing authoritative guidance and setting direction in architectural and development activities as it pertains to vulnerability remediation

    • Understands Development technologies as well as full stack infrastructure.

    • Works with both onsite and remote teams to ensure that high-quality solutions are delivered in a timely fashion

    • Collaborates with the existing Information Security Organization on strategies to remediate vulnerabilities

  • Recommends remediation strategies, including security controls, patching and - or corrective actions for mitigating technical and business risk

    • Deliver roadmaps for the Attack Surface Reduction function in infrastructure
  • What We re Looking For:*

  • Basic Qualifications:*

    • A Bachelor s Degree in Computer Science, Engineering, Mathematics, related field or equivalent experience

    • 10 years of practical, hands-on experience

    • Experience remediating security vulnerabilities

    • Experience delivering solutions in a complex, globally distributed infrastructure

    • Expertise with both Linux and Windows technologies and their use in delivering secure, highly available, mission critical enterprise-class solutions

    • Hands-on expert knowledge of Windows, UNIX and Linux

    • Vulnerability assessment

    • Scanning tools (e.g. Qualys WAS, Nexpose, etc.)

    • Hands on knowledge with patching solutions including SCCM, WSUS, WebLogic

    • Programming and Scripting Languages, e.g. Java, Python, PowerShell, etc.

    • Deep technical understanding of full stack infrastructure and engineering best practices

    • Deep understanding of application development technologies

    • Strong organizational skills with proven ability to manage multiple high visibility issues simultaneously

    • Ability to work hands-on with technology solutions

    • Demonstrated ability to perform independent analysis of complex problems and distill relevant findings and root causes

    • Strong foundational knowledge in information technology, to include hardware, networking, architecture, protocols, files systems and operating systems

    • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner

    • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and the associated impact on the organization

    • An ability to effectively influence others to modify their opinions, plans, or behaviors

    • Stays up-to-date with IT Operations trends and new best practices Must be effective in working both independently and in a team setting

    • Excellent technical knowledge of current systems software, protocols, and standards.

    • Ability to create constructive relationships, influence, and communicate (to project team, IT management, and non-technical staff).

    • Ability to lead complex, cross-functional problem-solving initiatives.

    • Exceptional analytical, conceptual, and problem-solving abilities.

    • Excellent interpersonal and consultative skills.

    • Proven ability to prioritize and execute tasks in a high-pressure environment.

    • Promoting a team-oriented, collaborative environment

Preferred Qualifications:

  • Hands on working knowledge of automation applications such as Ansible

  • Experience delivering solutions in a hybrid cloud environment that spans public clouds and on-premises data centers to virtualize infrastructure and move workloads between environments to meet business objectives

  • Experience in the financial markets a strong benefit

  • Background in varied technologies such as telecommunications, client server architectures, electronic commerce infrastructures, enterprise and workgroup server platforms, Web applications, portals, etc.

    Advanced degree strongly desired

To all recruitment agencies:

S&P Global does not accept unsolicited agency resumes. Please do not forward such resumes to any S&P Global employee, office location or website. S&P Global will not be responsible for any fees related to such resumes.

S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race - ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or any other basis prohibited by federal, state or local law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to:

EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law.