Goldman Sachs is a multinational financial services firm providing securities, investment banking, and management services. They are seeking an Associate in Security Engineering to perform security assessments, ensure security by design, and collaborate with technical teams on major initiatives. The role involves advising on security risks, implementing controls, and conducting vulnerability assessments.
Responsible for performing security assessments of business-initiated projects helping to drive adoption of application and infrastructure security controls and best practices.
Ensure security and privacy by design, including design process improvements, assessment of controls, data models, cryptographic implementation, and compliance and regulatory needs.
Collaborate with technical teams on major technology initiatives to ensure security exists at the outset of a design or project.
Advise on leading edge engineering to protect the firm’s network from security risks related to client/server architectures, Cloud architectures, web services and mobile applications.
Drive implementation of security controls in various platforms by working with technology infrastructure teams.
Collaborate with the global team to continually operate and improve a world-class cyber program by providing input into the uplift of sensory tools, detection tuning, and access to data sources to increase detection effectiveness.
Convey complicated technical analyses via comprehensive presentations.
Communicate status and risks in a succinct, direct, and open manner for proper issue management life cycle tracking.
Review security controls and how they apply to different designs and systems in order to identify security gaps.
Highlight and articulate risk to developers or engineers.
Perform application vulnerability assessment and penetration testing of web applications.
Perform architecture review of web applications.
Working with large data sets to provide information security insights to leadership.
Qualification
Required
Bachelor’s degree (U.S. or foreign equivalent) in Cyber Security, Computer Science, Computer Engineering or a related field
two (2) years of experience in the job offered or a related Security Engineering role
two (2) years of experience with technical understanding of both application and infrastructure architecture and security (on premise and Cloud)
working with application security best practices including OWASP and CWE
working with application security vulnerabilities and controls to remediate risks