Security Engineer, Transaction Banking, Engineering Risk

WHO WE ARE

At Goldman Sachs, our Engineers don’t just make things we make things possible. Change the world by connecting people and capital with ideas.

Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action.

Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.

Engineering, which is comprised of our Technology Division and global strategist groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions.

Want to push the limit of digital possibilities? Start here.

Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more.

We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.

Transaction Banking (TxB) , a business unit within Platform Solutions, aims to provide comprehensive cash management solutions for corporations.

Transaction Banking combines the strength and heritage of a 153-year-old financial institution with the agility and entrepreneurial spirit of a tech start-up.

Our goal is to provide the best client experience. Through the use of modern technologies centered on data and analytics, we provide customers with powerful tools that are grounded in value, transparency and simplicity to improve cash flow management efficiency.

THE TEAM

The TxB Engineering Risk (Technology Risk) function is an information security group embedded within TxB responsible for the oversight of Information Security and Cybersecurity risks across the business and technology, and supplements the firm’s Technology Risk programs to meet the additional unique needs of the business.

Our mission is to balance risk mitigation with a client-centric approach necessary to implement our digital strategy. The TxB Engineering Risk group currently has a presence in New York, Dallas, Bangalore and Tokyo, and is responsible for the following services :

Application Security & Risk Advisory - Provides technical design consultancy services, conducts security architecture reviews, and manages manual code reviews and penetration testing activities.

Assesses and manages the portfolio of information security and cybersecurity risks for the business.

Assurance, Risk & Governance - Ensures that our risk posture remains in a managed state and helps meet the different information security, privacy, regulatory, audit, and firm-wide technology risk commitments.

Supports client / partner due diligence activities, audit engagements and regulatory inquires.

Engineering - Responsible for designing and developing applications and services that support our Information Security & Cybersecurity program, including preventative and detective controls, control assurance and monitoring, and our business intelligence platform.

HOW YOU WILL FULFILL YOUR POTENTIAL

As part of our global team you will provide technical design consultancy services, conduct security architecture reviews, and manage manual code reviews and penetration testing activities.

You will be responsible for assessing and managing the portfolio of information security and cybersecurity risks for the business.

This position also necessitates maintaining awareness of the evolving cybersecurity threat landscape and relevant mitigating controls.

There will also be opportunity to research evolving security trends, frameworks, and products. The ideal candidate should possess the aptitude to build coalitions across teams and product owners, educate and help counterparts on secure operation and development practices, and work collaboratively to drive down risk.

We are looking for someone with lots of energy that has excellent communication skills, enjoys engineering challenges, and is able to operate in a highly fluid, rapidly changing environment.

If that’s you, we would like to hear from you!

RESPONSIBILITIES

• Provide internal risk advisory and consulting services to lead application and infrastructure developers
• Perform risk assessments to identify gaps in compliance to information security (application and infrastructure)
• Design secure patterns and produce guidance to reduce risks through opinionated architecture
• Manage multiple tasks and use sound judgment when prioritizing
• Collaborate with global cross functional teams
• Establish trusted partnerships with peers, functional leads, and executive level stakeholders
• Update and maintain documentation for team processes and best practices
• Exceptional analytical skills and able to apply knowledge and experience in decision-making to arrive at creative and commercial solutions
• Must be independent and comfortable in a fast paced, ambiguous and often multi-directional work environment

BASIC QUALIFICATIONS

• 3+ years of relevant professional experience in one or more of the following areas : security architecture and design, security engineering, network security, application development, cybersecurity audit (technical)
• 2+ years working with major cloud solutions (IaaS, PaaS, SaaS)
• or higher in Computer Science, Cybersecurity or Information Security (or equivalent work experience)
• Must have a high level understanding of security principles, application security vulnerabilities (., OWASP Top 10), control frameworks (NIST), threat modeling, and security risks as they apply to cloud solutions
• Strong program and project management skills
• Team oriented; strong interpersonal and communication skills
• Energetic, self-directed, and self-motivated

PREFERRED QUALIFICATIONS

• Technical knowledge in one or more of the following : cryptography, data security, IAM, public cloud, secure SDLC
• Hands on experience with AWS (GCP, Azure optional)
• Understanding of Infrastructure as Code, Policy as Code, templates and modules
• Experience or trainings in related disciplines (. computer security, network security, cloud security)
• Experience in Financial Services or Fintech

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow.

Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs.

Learn more about our culture, benefits, and people at / careers.

We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process.