Senior Product Security Engineering

Location(s) US-UT-Salt Lake City
Job ID
Schedule Type
Full Time
Vice President
Product Engineer
Business Unit
Foundational Infrastructure
Employment Type


The Goldman Sachs Product Security Engineering team has commited to providing a robust, resilient solution to migrate all Goldman Sachs personnel off the existing on-premise Broadcom/Blue Coat proxy infrastructure and towards a cloud native proxy service to ensure a performant, seamless browsing experience. This offering needs to provide TLS Interception for added visibility into browser-based connections as well as replace the existing Ionic offering for data upload controls that is currently managed by the Tech Risk Site Block team. This role will focus on architecting and engineering the cloud native proxy service solution as the initial assigment and will pivot towards supporting the solution after a full production deployment.


Job Functions:
- Design, implement and support a global release of a new cloud native proxy service
- Participate in automation initiatives to improve work flow and achieve operational maturity
- Automate all available security policy configurations changes, log ingestion and feature enablement within this proxy service using existing and proposed vendor API capabilities
- Proactive, automated monitoring of the global cloud proxy service's POP/Data Center availability and performance characteristics
- Engineering efforts leading to Request for Enhancement (RFE) submissions
- Work closely with our Technology Risk, Production Engineering and Network and Security Operations teams
- Work as part of a global team and adhere to off-hours meeting scheduling
- Construct and socialize operational runbooks for our Network and Security Operations teams to ensure immediate and effected troubleshooting

Basic Qualification:
- Strong, hands on experience with the following:
- IaaS, PaaS and SaaS deployments and environments
- OSPF and BGP implementation and troubleshooting
- Proxy technologies including Broadcom, Forcepoint, Palo Alto, Cisco, Netscope, Zscaler
- Microsoft M365 and all associated applications
- Cisco Routers & Switches. Nexus, ASR product lines, Cisco IOS, NX-OS etc
- Sandbox technologies including FireEye, Last Line, Cisco, Palo Alto, Joe Sandbox
- Intrusion Prevention technologies including Snort, Cisco, Palo Alto, Zscaler
- Data Leakage Prevention technologies including Vontu, Zscaler, Extra Hop, Palo Alto, Check Point
- Malware feed ingestion and processing
- Highly self-motivated and the ability to work independently as well as in a global team environment
- Good communication, presentation and interpersonal skills