Security Engineer - Technology Risk - Advisory - Application Security - Apprisk Delivery

Goldman Sachs
in Warsaw, Masovian Voivodeship, Poland
Permanent position, full-time
Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.

In this role, you will be joining a team with the most interesting profile on the IT security market. Our dedicated team specializes in deep-dive pen testing on a continuous basis, focusing on critical/emerging threats and chaining attacks, with expanded testing windows that give the tester added time to exploit applications. This involves old technology and the firm's proprietary technology as well as new technology and standards that technologists want to use. What distinguishes us from regular pen testing is the focus on critical, impactful vulnerabilities (such as SSRF, RCE etc.), bypassing intermediary controls such as WAF etc. on our critical internet-facing targets with expanded windows.
The ideal candidate should be an offensive hacker with the intent to secure our targets from external threats.

Job Responsibilities:
  • Full-scope analysis - network/web
  • Conduct security research and apply emerging threats to our targets
  • Expanded testing window to focus on critical issues
  • Discovering implementation issues
  • Creating baselines and navigating changes
  • Finding vulnerabilities in source code
  • Finding gaps in processes
  • Creating security roadmaps
  • Descriptions of components used
  • Defining threat landscape
  • Risk promotion / Awareness
  • Incorporating new standards and RFCs, driving global changes
Basic Qualifications:
  • Expertise with penetration testing of web applications, networks, operating systems
  • Working knowledge of common security tools (Nessus, Acunetix, Metasploit, Scapy, fuzzers, Burp, Wireshark)
  • Familiarity with one or more languages (Python, Java, JavaScript)
  • Knowledge of TCP/IP stack and network protocols
  • Experience in crafting custom proof of concept exploits
  • Experience with Windows OS / Unix
  • Bug hunting / issue discovery (CVE assignment) is a plus
Preferred qualifications:
  • Red-team security experience
  • Offensive Security Certification

The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
