▷ Apply in 3 Minutes: Engineering-l2-bengaluru-associate-security Engineering

Job Category Associate WHO WE ARE Led by the Chief Information Security Officer CISO Technology Risk secures Goldman Sachs against hackers and other cyber threats We are responsible for detecting and preventing attempted cyber intrusions against the firm helping the firm develop more secure applications and infrastructure developing software in support of our efforts measuring cybersecurity risk and designing and driving implementation of cybersecurity controls The team has global presence across the Americas APAC India and EMEA Within Technology Risk Advisory is the consultative and technology subject matter expertise arm responsible for assessing new technology initiatives for risk partnering with engineers to architect and design secure products and services embedding implementation reviews as part of the SDLC and CI CD pipeline via code analysis and penetration testing and guiding technology innovation in terms of security and control across Goldman Sachs The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications YOUR IMPACT In this role you will join the global Secure SDLC S-SDLC team within Technology Risk - the team is responsible for the identification of software security flaws along with providing security assurance advice and guidance to the engineers to help them manage application risks You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team as well as other divisions within the firm The ideal candidate should have experience of integrating and tuning software security controls within continuous deployment SDLC ability to review triage and remediate findings by interfacing with the Business Units and help raise developer security awareness HOW YOU WILL FULFILL YOUR POTENTIAL The Secure-SDLC team is responsible for the identification of software security flaws along with providing security assurance advice and guidance to the engineers to help them manage application risks You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation and acceptance You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the Technology Risk function Job Responsibilities Lead and or support static dynamic and security awareness services Drive adoption of application security controls within Software Development Life Cycle SDLC Review issues identified by S-SDLC tools ensuring compliance to established review SLAs Interface with Business Units provide advice and consultation to help remediate issues identified by S-SDLC tools Develop and customise rules to improve detection capability of S-SDLC tools Help engineer tools and solutions that facilitate the adoption of security controls Develop Proof-of-Concepts PoC to be shown as solutions and handover to Engineering for broader rollout Work with engineers to develop customized security testing strategy to complement the existing security testing program managed by Technology Risk Be responsible to communicate program to broader developers community for solutions that might impact Developer Experience DevEx Be responsible for the awareness training and guidance on security related issues Conduct product evaluation of solutions that may benefit the S-SDLC program Basic Qualifications You will use your strong technical interpersonal organizational written and verbal communication skills to interact with your internal clients locally and globally Your knowledge of Software Development Lifecycle SDLC Application Security and Risk Management techniques and methodologies will enable you to be an active member of the team along with your professional experience in one or more of the following disciplines Ability to explain common secure coding practices and application security vulnerabilities based on guidance from the industry recognised cybersecurity frameworks and standards e g NIST Cyber Security Framework and OWASP Ability to engage technical client base of engineers and communicate security requirements potential risks and influence development practices Ability to communicate security flaws in a clear and concise manner to a broad range of audience from engineers SMEs to senior management and provide clear remediation guidance Experience with software development methodologies e g Agile DevOps etc Fluent in at least one major programming language e g Java Python Go etc Working knowledge of CI CD platforms e g Gitlab AWS Code Commit and Deploy or similar Intermediate Knowledge of DevSecOps solutions i e ability to review identified findings conduct analysis e g impact accuracy etc develop and customise detection capability of one or more of the following solutions Static Application Security Testing SAST Dynamic Interactive Application Security Testing DAST IAST Software Composition Analysis SCA Infrastructure as Code IaC Container Security Mobile Security Preferred qualifications Project management skills Knowledge of Cloud AWS GCP Azure and Cloud Security applications TechRiskCybersecurity ABOUT GOLDMAN SACHS At Goldman Sachs we commit our people capital and ideas to help our clients shareholders and the communities we serve to grow Founded in 1869 we are a leading global investment banking securities and investment management firm Headquartered in New York we maintain offices around the world We believe who you are makes you better at what you do We re committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally from our training and development opportunities and firmwide networks to benefits wellness and personal finance offerings and mindfulness programs Learn more about our culture benefits and people at We re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process Learn more The Goldman Sachs Group Inc 2024 All rights reserved Goldman Sachs is an equal employment affirmative action employer Female Minority Disability Veteran Sexual Orientation Gender Identity