Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, the Security Incident Response Team (SIRT) Vulnerability Management team manages the lifecycle of vulnerabilities within GS technologies, including vulnerability discovery, risk assessment, and treatment. We are a team of security, software and product engineers that allow the firm to respond appropriately to cyber security risks through the use of detection, design and development.
In this role, you will join firm’s global vulnerability management team to develop, architect and deploy on premise and cloud solutions for vulnerability management. This role requires you to drive proactive identification of vulnerability detection requirements across the organization. The ideal candidate should be someone with cyber security engineering experience, preferably with vulnerability management tools such as Qualys or Nessus; hands-on technical skills on Amazon Web Services, Azure, containers, orchestration tools, and Splunk; and a good understanding of Windows, Linux, MacOS, TCP/IP, Network Security and Python.
• Development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support
• Contribute to vulnerability management strategy and automation
• Collaborate with various engineering teams to understand the vulnerability management needs and collectively develop remediation and mitigation strategies
• Perform vulnerability management product POCs as per the defined requirements.
• Work on automated vulnerability scanning using scanners and agents in the public cloud
• Improve the security sensors by looking for opportunities to tune the vulnerability detection controls and coverage effectiveness
• Lead the security projects/tasks assigned by taking ownership of planning, implementation & coordination
• Script in languages such as Python, Java, Shell Script to build workflows and automation of scan data
• Maintain knowledge and skillset relevant to trends in the industry
• Minimum 3-5 years of security experience, specifically around organizational security and vulnerability management.
• Demonstrated understanding of infrastructure components and cloud vulnerability scanning
• Scripting and/or programming skills (e.g., Python, PowerShell, Java, JS, etc.)
• Strong presentation skills
• Strong English verbal and written communication skills
• Ability to multitask and prioritize work effectively
• Highly motivated self-starter
• Responsive to challenging tasking
• Attention to detail
• Strong sense of ownership and driven to manage tasks to completion
• Work experience on any major public clouds such as AWS and Azure.
• Advanced understanding of Linux Operating Systems
• Designing Cloud architecture including scanner and agent placement and communication strategies.
• In-depth understanding of any vulnerability scanning tools such as Qualys, Prisma Cloud, Rapid7, AWS Inspector
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
Â© The Goldman Sachs Group, Inc., 2020. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.