Informacje o stanowisku

Security Engineer - Engineering - L2 - Associate - Warsaw

Opportunity Overview

WHO WE ARE

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India, and EMEA.

YOUR IMPACT

In this role, you will join the global Secure SDLC (S-SDLC) team within Technology Risk – the team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks.

HOW YOU WILL FULFILL YOUR POTENTIAL

You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation and acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the Technology Risk function.

Job Responsibilities:

• Lead and/or support static, dynamic and security awareness services.
• Drive adoption of application security controls within Software Development Life Cycle (SDLC).
• Review issues identified by S-SDLC tools, ensuring compliance to established review SLAs.
• Interface with Business Units, provide advice and consultation, to help remediate issues identified by S-SDLC tools.
• Develop and customize rules to improve detection capability of S-SDLC tools.
• Help engineer tools and solutions that facilitate the adoption of security controls.
• Develop Proof-of-Concepts (PoC), to be shown as solutions, and hand over to Engineering for broader rollout.
• Work with engineers to develop customized security testing strategy to complement the existing security testing program managed by Technology Risk.
• Be responsible to communicate program to broader developers’ community for solutions that might impact Developer Experience (DevEx).
• Be responsible for the awareness, training, and guidance on security-related issues.
• Conduct product evaluation of solutions that may benefit the S-SDLC program.

Basic Qualifications:

• Experience with software development methodologies e.g. Agile, DevOps, etc.
• Fluent in at least one major programming language (e.g. Java, Python, Go, etc.)
• Working knowledge of CI/CD platforms e.g. Gitlab, AWS Code Commit and Deploy (or similar).
• Ability to explain common secure coding practices and application security vulnerabilities, based on guidance from industry-recognized cybersecurity frameworks and standards e.g. NIST Cyber Security Framework and OWASP.
• Ability to engage technical client base of engineers and communicate security requirements, potential risks, and influence development practices.
• Ability to communicate security flaws in a clear and concise manner to a broad range of audience from engineers, SMEs to senior management and provide clear remediation guidance.
• Intermediate Knowledge of DevSecOps solutions i.e. ability to review identified findings, conduct analysis (e.g. impact, accuracy, etc.), develop and customize detection capability of one or more of the following solutions:
• Static Application Security Testing (SAST)
• Dynamic/Interactive Application Security Testing (DAST/IAST)
• Software Composition Analysis (SCA)
• Infrastructure as Code (IaC)
• Container Security
• Mobile Security

Preferred Qualifications:

• Knowledge of Cloud (AWS, GCP, Azure) and Cloud Security applications.

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital, and ideas to help our clients, shareholders, and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities, and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. Were committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally.

Warszawa - Oferty pracy w okolicznych lokalizacjach