Tech Risk – SIRT – Bug Bounty Program - Security Incident Response Team

Location(s): US-TX-Dallas
Job ID: 2020-63579
Schedule Type: Full Time
Level: Associate
Function(s): Security Engineer
Region: Americas
Division: Engineering
Business Unit: Technology Risk
Employment Type: Employee

MORE ABOUT THIS JOB

Business Unit Overview

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India and EMEA. Within Technology Risk, the Security Incident Response Team (SIRT) identifies malicious activity, manages the lifecycle of vulnerabilities within GS technologies, and investigates and manages threats across the firm. We are a team of security, software, and product engineers who enable the firm to respond appropriately to firm risks through the use of detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm.

Role

In this role, you will join a dedicated team that manages the firm’s bug bounty program, where we help remediate the firm’s risk to external threats. You will be verifying vulnerability reports, testing for variations, and discovering the extent of unique issues while partnering with other risk management and engineering teams to track issues through resolution. You will also work to build relationships with the broader bug hunting community. The ideal candidate should be someone with existing cyber security experience, a strong technical understanding of web and mobile applications and architecture, and a drive to continually learn new attacks and techniques.

RESPONSIBILITIES AND QUALIFICATIONS

Job Responsibilities:
• Collaborate with external researchers to reproduce and investigate vulnerabilities submitted through our public and private bug bounty programs
• Use your skills to determine the appropriate impact and risk of vulnerabilities
• Work directly with project teams to help them understand the risk of findings and provide remediation guidance
• Coordinate with Technology Risk advisory and issue management teams to track remediation timelines and ensure vulnerabilities are fixed in a timely manner
• Identify best practices that can be shared across the organization
• Share knowledge through internal blog posts and presentations

Basic Qualifications
• Experience with vulnerability assessment and penetration testing of web and mobile applications
• Understand security fundamentals and common vulnerabilities
• Working knowledge of common security tools (Burp, Metasploit, netcat, etc.)
• Strong communication and presentation skills and the ability to clearly articulate vulnerabilities and risks to both technical and non-technical audiences
• Strong sense of ownership and driven to manage tasks to completion

Preferred Qualifications
• 2-5 years of application security experience
• Scripting/Programming skills in one or more languages
• Familiarity or experience with enterprise networks and software platforms
• Good reputation on a bug bounty platform and/or published vulnerabilities

ABOUT GOLDMAN SACHS

The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

© The Goldman Sachs Group, Inc., 2020. All rights reserved. Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.