• CIMD Security Engineer - PWM Data and Platform

    Location(s) US-NJ-Jersey City
    Job ID
    Schedule Type
    Full Time
    Vice President/Executive Director
    Business Unit
    Core Tech
    Employment Type

    The Private Wealth Management (PWM) business provides end to end Investment Management services and advice across a large range of asset classes for high net worth individuals. PWM leverages a global technology platform offering, an integrated suite of tools, and applications to onboard clients. Our software helps realize a client’s goals and objectives, develops and implements an integrated wealth management plan and delivers first-class client service.

    The Consumer & Investment Management Division works with a diverse range of institutional and individual clients to achieve investment goals and financial well-being and bring an innovative approach to traditional consumer banking. As a security engineer within the division, your role will be to assist in the development, architecture and operation of the divisions data security initiatives. The firm continuously strives to meet or exceed the industry’s information security best practices and applies controls to protect our clients and the firm - your contributions will be an essential part of this mission. The security and integrity of our clients data is imperative to the firm - we employ a defense in depth approach to protecting our information from a variety of threats, both internal and external, through a wide range of initiatives. The goal is that in the event that any single mechanism of control falls sort of achieving its objective, there are a large number of other initiatives which mitigate any resulting exposure. Such initiatives include but are not limited to; encryption of sensitive information, performing operations and searches on encrypted data, fine grained entitlements and analytics of sensitive data consumption. For more information on the impact your role will have to the organization, we invite you to review our public client security statement, which can be found here: https://www.goldmansachs.com/disclosures/client-security-statement.pdf


    •  Build business critical data encryption solutions and make these available to applications via services (i.e. Data Protection as a Service)
    •  Build authentication solutions for our data protection services which support the concept of authorization delegation
    •  Work with a broad set of vendor products implementing modern IT Security protocols and concepts. Build solutions integrating off the shelf solutions, cloud solutions and custom in house deployments.
    •  Build partnerships with our clients, which include all development teams across the division
    •  Build entitlement frameworks which control access to individual attributes based on roles, entity states and physical locations
    •  Ensure all solutions align to modern Continuous Delivery standards, High Availability and Rapid Scaling.
    •  Engage in production troubleshooting and engineer product improvements to eliminate manual investigation were possible

    •  Understanding of modern application design, best practices and infrastructure
    •  Robust capabilities and experience of SDLC and actual implementation in one or more of these languages: Java, Python
    •  Understanding of some or all of the following concepts: oAuth 2.0, SAML 2.0, Open ID Connect, IAM (Identity and Access Management), Web Application Security, entitlement management, micro-services, mission critical and highly available solutions/architectures, API gateways, REST APIs, Security Logging
    •  Understanding or experience working with modern data encryption platforms such as Thales Gemalto, CipherCloud, Ionic and Fortanix.
    •  Ability to troubleshoot and diagnose performance, security, and process interactions in complex distributed systems
    •  Familiarity with security products such as PingFederate, AD, Okta (or other IAM solutions) is desirable
    •  Ability to understand and effectively debug both new and existing software
    •  Ability to communicate technical concepts effectively and possessing the interpersonal skills required to collaborate effectively with colleagues across diverse technology teams

    Preferred Qualifications
    •  2 years of experience developing an enterprise level software in Java, .Net etc. and 2 years of experience building, supporting or maintaining IT Security solutions
    •  Experience monitoring, measuring, auditing and supporting software
    •  Scripting skills using Python, Bash, JavaScript or similar
    •  Experience designing, installing and operating security products and infrastructures
    •  Some background in IT security, including authentication, authorization, encryption and secure coding practices
    •  Strong analytical, reporting and presentation skills
    •  Excellent communication skills



    At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

    We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

    We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html

    © The Goldman Sachs Group, Inc., 2020. All rights reserved.
    Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity