S&P Global, Inc

Lead Penetration Test Engineer

S&P Global, Inc$135K — $200K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, Information Systems, or equivalent experience.
  • Minimum 8 years in information security focusing on penetration testing and vulnerability management.
  • Hands-on experience with tools like Burp Suite, Nessus, and Metasploit.
  • Expertise in exploiting web and infrastructure vulnerabilities (e.g., XSS, SQL Injection).
  • Strong scripting skills in languages like Python, Bash, or PowerShell.
  • Experience integrating security testing into CI/CD pipelines.
  • At least one recognized offensive security certification (OSCP, OSCE3, etc.).

Responsibilities

  • Conduct penetration testing of web applications, infrastructure, and cloud environments.
  • Develop custom scripts and tools to enhance penetration testing capabilities.
  • Collaborate with teams to analyze vulnerabilities and create remediation plans.
  • Perform security assessments using DAST, SAST, and SCA tools.
  • Lead attack simulations and tabletop exercises to validate security practices.
  • Research emerging threats and attack vectors to bolster security strategies.
  • Communicate findings and provide actionable remediation guidance to stakeholders.

Benefits

  • Health care coverage designed for the mind and body.
  • Generous time off to help maintain energy and work-life balance.
  • Access to resources for continuous learning and career growth.
  • Competitive pay and retirement planning options.
  • Family-friendly perks including benefits for partners and children.
  • Additional perks like retail discounts and referral incentive awards.
Full Job Description
About the Role:

Grade Level (for internal use):
12
S&P Global Corporate

The Role: Lead Penetration Test Engineer

Location: Hybrid 2 days per week onsite on one of our following sites:

US: Boston, MA, Chicago, IL, Dallas, TX, Houston, TX, Englewood, CO, Raleigh, NC, Princeton, NJ, New York, NY, Southfield, MI, Washington, DC.

Canada: Toronto, ON, Calgary, AB

Responsibilities and Impact:

We are seeking a Lead Penetration Test Engineer with extensive experience in penetration testing and offensive security. The ideal candidate will conduct penetration tests, re-testing, vulnerability scanning, and threat assessments across diverse environments. This role requires strong offensive security skills combined with cloud and application security expertise to identify vulnerabilities and develop effective mitigation strategies.

A successful candidate will excel in the following areas:

Penetration Testing & Vulnerability Assessments
• Conduct comprehensive penetration testing of web applications, infrastructure, and cloud environments using both manual and automated techniques.
• Develop custom scripts, tools, and methodologies to enhance penetration testing capabilities and automate security testing within CI/CD pipelines.
• Apply cloud-specific offensive techniques, including IAM abuse, container and serverless exploitation, and cloud misconfiguration testing.

Vulnerability Management & Remediation
• Collaborate with engineering and development teams to analyze vulnerabilities, develop remediation plans, and strengthen application security across development and production lifecycles.
• Perform detailed security assessments using DAST, SAST, and SCA tools to ensure continuous validation and improvement of security controls.

Attack Simulations & Research
• Lead and participate in attack simulations and tabletop exercises to validate security controls and improve organizational response capabilities.
• Research emerging threats, attack vectors, and adversarial techniques to inform offensive and defensive strategies.
• Partner with internal teams to design and execute threat assessments based on intelligence feeds and threat actor analysis.

Security Communication & Reporting
• Communicate and present penetration testing and security assessment findings to both technical and non-technical stakeholders.
• Provide actionable remediation guidance and risk mitigation strategies to strengthen the organization's overall security posture.

What We're Looking For

Basic Required Qualifications
• Bachelor's degree in Computer Science, Information Systems, or a related field, or equivalent experience.
• Minimum 8 years of experience in information security with a strong focus on penetration testing, application security, and vulnerability management.
• Hands-on experience with penetration testing tools (e.g., Burp Suite, Nessus, Metasploit, Nmap) and methodologies (e.g., OWASP Top 10, MITRE ATT&CK, PTES).
• Expertise in identifying and exploiting common infrastructure and web application vulnerabilities (e.g., XSS, SQL Injection, IDOR).
• Familiarity with vulnerability classification and scoring frameworks (CVE, CVSS, CWE).
• Strong scripting or programming skills (e.g., Bash, Python, Go, PowerShell, JavaScript).
• Experience performing security assessments (DAST, SAST, SCA, credential scanning) and integrating security testing into CI/CD pipelines.
• Ability to translate complex technical findings into clear, actionable reports and confidently brief cross-functional teams and executives.
• At least one recognized offensive security certification (OSCP, OSCE3, OSEP, GXPN, GPEN, or CREST CRT/CCT).

Preferred Qualifications
• Experience with cloud security across AWS, Azure, or GCP.
• Knowledge of AI/ML security and adversarial testing methods, including evaluating LLMs and other models for manipulation, evasion, and data integrity risks.
• Demonstrated involvement in the infosec community (e.g., open-source projects, bug bounties, CVE research, conference talks, or security publications).
• Experience applying the MITRE ATT&CK Framework to offensive security operations and threat emulation.
• Familiarity with secure software development practices and the software development lifecycle.
• Experience with Java application technologies, deployment frameworks, and associated security best practices.
• Ability to work collaboratively across teams while independently owning deliverables and maintaining accountability to deadlines.

Right to work requirements for US based out candidates:

This role is open only for candidates with indefinite right to work within the US.

Compensation/Benefits Information (US Applicants Only):

S&P Global states that the anticipated base salary range for this position is $135,000 USD - $200,000 USD. Final base salary for this role will be based on the individual's geographical location as well as experience and qualifications for the role.

In addition to base compensation, this role is eligible to receive additional S&P Global benefits. For more information on the benefits we provide to our employees, please click here.

Right to work requirements for Canada based out Candidates:

This role is open for candidates with indefinite right to work within Canada.

Compensation/Benefits Information: (This section is only applicable to Canadian Candidates:) S&P Global states that the anticipated range of compensation for this position is 135,000 CAD to 180,000 CAD. Final compensation for this role will be based on the individual's performance, geographic location, as well as experience level, skill set, training, licenses, and certifications. In accordance with Ontario's new regulations effective January 1, 2026, this job posting provides information on expected compensation. S&P Global will not be utilizing artificial intelligence in our hiring process. Additionally, we are committed to transparency and will inform all interviewed candidates of hiring decisions within 45 days of their interview. This posting is for an existing vacancy, and we encourage you to reach out for further information regarding our hiring practices or any questions you may have. Thank you for considering a career with us!

Benefits:

We take care of you, so you can take care of business. We care about our people. That's why we provide everything you-and your career-need to thrive at S&P Global.

Our benefits include:
  • Health & Wellness: Health care coverage designed for the mind and body.
  • Flexible Downtime: Generous time off helps keep you energized for your time on.
  • Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
  • Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
  • Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
  • Beyond the Basics: From retail discounts to referral incentive awards-small perks can make a big difference.

For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries

About S&P Global, Inc

S&P Global Market Intelligence is an exclusive analysis and in-depth data in real time for the banking.

S&P Global, Inc Careers

Join the dynamic team at S&P Global, Inc, a leader in providing transparent and innovative financial intelligence and analytics. As a global powerhouse, we are at the forefront of shaping the financial industry, making this an ideal time to advance your career with us. Work You’ll Do At S&P Global, Inc, you will be part of a culture that thrives on diversity, leadership, and professional excellence. Our team is committed to fostering an environment where innovation and growth are not just encouraged but are part of everyday activities. Transform your career with opportunities that place you at the intersection of data, technology, and market insights. Our professionals lead the industry in delivering cutting-edge solutions that address the challenges of today’s global markets. Join our team and collaborate with some of the brightest minds in the industry. With over 20,000 dedicated professionals worldwide, S&P Global, Inc offers a unique platform for professional growth and networking. S&P Global, Inc Jobs and Employment Opportunities We are continuously expanding our team and looking for talented individuals who are eager to drive innovation and lead change. Explore job opportunities in various fields, from financial services to data analysis, and contribute to our mission of providing essential intelligence. Do Innovative Work Be part of a company that values the skills and knowledge of its employees. At S&P Global, Inc, innovation is at the core of what we do. We offer a range of positions that allow you to apply your expertise and push the boundaries of what is possible in the financial sector. Internship Programs Kickstart your career with an internship at S&P Global, Inc. Our internships provide invaluable workplace experience and a chance to develop key skills that will aid you in your professional journey. Interns at S&P Global, Inc are crucial team members, working on projects that directly impact our business and clients. Benefits and Growth S&P Global, Inc is dedicated to the growth and development of its employees. We offer comprehensive benefits designed to enhance your life and well-being. From advanced career development programs to leadership training, we provide the tools necessary for you to succeed. Stay Connected Join Our Team Search open positions that match your skills and interests. We are looking for passionate, curious, and solution-driven team players. Whether you are starting your career or looking to take it to the next level, S&P Global, Inc offers a range of job opportunities and career paths. Keep Up to Date Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the people who work here. Job Alert Emails Personalize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Discover the exciting and rewarding opportunities that await at S&P Global, Inc. S&P Global, Inc is not just a company—it’s a place where you can make a difference. Join us and help shape the future of the financial world.
Learn more about S&P Global, Inc
Size
22,850 employees
Market Cap
$107.6 billion
Industry
Net Income
$2.3 billion
Founded
1888
5 Year Trend
+7.9%
Revenue
$7.4 billion
NASDAQ

Similar Jobs

More Jobs at S&P Global, Inc

More Information Technology Jobs

Find similar Lead Penetration Test Engineer jobs: