Asset and Wealth Management – Product Security Engineer
Job Description
The Asset and Wealth Management Division includes Goldman Sachs Asset Management (AM), Private Wealth Management (PWM, Ayco) and our Consumer business (Marcus by Goldman Sachs). We provide asset management, wealth management and banking expertise to consumers and institutions around the world. AWM partners with various teams across the firm to help individuals and institutions navigate changing markets and take control of their financial lives.
The AWM Technology Risk function is an information security group embedded within AWM. It is responsible for the oversight of Information Security and Cybersecurity risks across AWM business and technology, and it supplements the firm’s Technology Risk programs to meet the additional unique needs of the AWM business. Our mission is to enable the business needs while balancing security controls.
How You Will Fulfill Your Potential
Partner with business units to understand design proposals and evaluate architectural flaws for various on-prem/cloud deployments
Closely collaborate with Product Management, Engineering, DevOps and Firmwide Tech Risk teams to evaluate the design and implementation of security controls related to Authentication, Authorization, Input Validation etc. and enhance the firm’s security posture
Evaluate the effectiveness of existing key controls, identify gaps, and recommend improvements to mitigate risks and enhance the firm’s security posture
Act as an application security liaison for developers and architects in the respective Business Unit to build security software
Interface with business, engineering and leadership teams to articulate risk and recommend a mitigation strategy.
Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC) in Agile methodology
Provide clear and concise verbal and written recommendations and guidance to both business and technology leaders on matters of Technology Risk Management
Promote and assist in training & awareness of information security within the region
Strong desire to grow in the Information Security area
Develop, maintain, and improve Technology Risk Program reflecting new emerging risks
Skills And Experience We Are Looking For
1-3 years of technology experience in one or more of the following areas: Information Security, Product/Application Security, Threat Modelling/Secure Design Reviews, Penetration testing etc.
Knowledge of most common Application Security vulnerabilities – e.g., OWASP Top 10 Web and API risks, cloud security gaps.
Familiarity with Security standards such as OWASP, NIST, PCI and CIS/SANS security controls
Ability to analyze internal and external processes and integration to understand risk
Understanding of security core cryptography concepts (Encryption, Hashing, HMAC, digital signatures) and how they are applied and attacked in web applications
Good written and oral communication to be able to articulate risks to both technical and management stakeholders.
Strong program and project management skills and technology expertise
Ability to assess and evaluate corporate risk tolerance and translate into goals and new processes including software engineering, IT teams, and engineering and business stakeholders
Experience collaborating with a team of security experts in a diverse set of security topics including, but not limited to, security architecture, financial controls and regulatory compliance, identity and access management, penetration testing, data loss prevention, network security, security monitoring, white box testing/static code analysis, and building secure systems
Desired Skills
Experience in Financial Services/Fintech
Knowledge of secure coding languages: Python, Java, Go