Core Engineering - Technology Risk - Advisory - Tech Risk Advisory DevOps Engineer

  • Competitive
  • New York City, NY, USA
  • Festanstellung, Vollzeit
  • Goldman Sachs USA
  • 17 Nov 18

Core Engineering - Technology Risk - Advisory - Tech Risk Advisory DevOps Engineer

MORE ABOUT THIS JOB What We Do
At Goldman Sachs, our Engineers don't just make things - we make things possible. Change the world by connecting people and capital with ideas. Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action. Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.

Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions. Want to push the limit of digital possibilities? Start here.

Who We Look For
Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.
Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives
that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative
measures including business planning, capability design,
and the testing of mitigants.
Technology Risk Advisory delivers best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs. As a Dev Ops Engineer, you will be responsible for building scalable solutions for identifying / remediating risks; and conducting Manual Code Reviews on critical business products. The ideal candidate should have a deep understanding of security automated scanners, with a proven ability of extracting the most value with high precision, and driving remedial action.

RESPONSIBILITIES AND QUALIFICATIONS HOW YOU WILL FULFILL YOUR POTENTIAL
• Support the Technology Risk Advisory function by automating security test cases with a high true positive precision and help drive remedial actions.

SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Experience with security automated scanners, more specifically; configuring, writing custom rules for and modifying existing rules for automated scanners (at scale)
• Demonstrated ability of automating security test cases with high true positive precision
• Solid understanding of security controls and how they apply to different systems / applications
• Strong understanding of application vulnerabilities and how to test for them
• Strong knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
• Experience in performing code review of popular web application programming languages (Java, Javascript, C++, C#, Python, Perl, optionally Objective-C, etc.).
• Familiarity with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. DropWizard, AngularJS, Tomcat, .Net, Sybase, MS SQL, MongoDB, etc.).
• Good understanding for how security fits into the SDLC along with practical experience doing so.
• 4 - 6 years of relevant work experience.

Preferred Qualifications
• Proficient verbal and written communication skills.
• Experience in crafting custom proof of concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.
• Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security is preferred.

ABOUT GOLDMAN SACHS The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

© The Goldman Sachs Group, Inc., 2018. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.