S&P Global

Cyber Security Analyst – Application Security & Supply Chain

Gurugram, Haryana, India; Noida, Uttar Pradesh, India; Ahmedabad, Gujarat, India FULL TIME

The Brief

“Cyber Security Analyst – Application Security & Supply Chain at S&P Global. Skills: Application Security, Software Supply Chain Security, Cloud Security, SAST/DAST/SCA. Perform Application Security assessments. Identify, analyze, and remediate vulnerabilities”

What You'll Achieve.

Contribute to secure development practices; Contribute to supply chain risk management; Embed security into the SDLC; Help create critical insights

Industry & Context.

Problems you'll solve

Excellent problem-solving skills; Analytical skills

What They're Looking For.

Must Have

1-3 years of experience in Cybersecurity, hands-on exposure in Application Security, Basic to working knowledge of Cloud Security (AWS, Azure, or GCP), Bachelor’s degree in Computer Science, IT, Cybersecurity, or equivalent

Nice to Have

Practical experience in Software Supply Chain Security (SCA tools, dependency analysis, SBOM)

What You'll Do.

Perform Application Security assessments

Identify, analyze, and remediate vulnerabilities

Lead Software Supply Chain Security initiatives

Manage dependency vulnerabilities

Generate and analyze SBOM

Secure CI/CD pipeline

Secure build pipelines

Secure container images

Secure third-party libraries

Conduct threat modeling

Monitor and triage security findings

Support Cloud Security posture reviews

Prepare security reports

Stay updated with emerging threats

How You'll Work.

Team & Collaboration

Work closely with development teams; Work closely with DevOps teams; Work closely with infrastructure teams; Collaborate with stakeholders; Collaborate with each other; Collaborate with customers

Communication Scope

Explain security risks to non-technical audiences; Good communication skills

Full Job Description

# **About the Role:**

**Grade Level (for internal use):** 08

**Job Title:** Cyber Security Analyst – Application Security & Supply Chain

**Experience** - 1-3 Years

**About the Role**

We are hiring a Cyber Security Analyst with strong hands-on focus on Application Security (AppSec) and Software Supply Chain Security. The role is ideal for candidates who have practical experience in securing applications and the software development lifecycle, along with basic knowledge of Cloud Security. This position offers a great opportunity for early-career professionals to deepen their expertise in AppSec while contributing to secure development practices and supply chain risk management.

**Key Responsibilities:**

- Perform **hands-on Application Security** assessments including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and manual code reviews.
- Identify, analyze, and remediate vulnerabilities in web, mobile, and API applications (OWASP Top 10, API Security, etc.).
- Lead and support **Software Supply Chain Security** initiatives:
  - Dependency vulnerability management
  - SBOM (Software Bill of Materials) generation and analysis
  - Secure CI/CD pipeline security
  - Code signing, artifact repository security, and open-source risk assessment
- Conduct threat modeling for applications and integration points.
- Review and secure build pipelines, container images, and third-party libraries.
- Work closely with development, DevOps, and infrastructure teams to embed security into the SDLC.
- Monitor and triage security findings from various AppSec tools.
- Support Cloud Security posture reviews (basic knowledge required) – IAM, network security, and cloud misconfigurations.
- Prepare clear security reports, risk assessments, and remediation guidance for stakeholders.
- Stay updated with emerging threats in application security and software supply chain attacks (e.g., SolarWinds, Log4j, depen

How to Apply on Workday

  • Workday has a multi-step form — save your progress after every section.
  • "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
  • Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
  • Job requisition numbers are useful when following up with HR by email.
