Application Security Engineer
3 miesięcy temu
Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.
Role
In this role, you will join the global Secure SDLC (S-SDLC) team within Technology Risk – the team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks. You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team as well as other divisions within the firm.
The ideal candidate should have experience of integrating, and tuning, software security controls within continuous deployment SDLC, ability to review, triage and remediate findings by interfacing with the Business Units and help raise developer security awareness.
RESPONSIBILITIES AND QUALIFICATIONS
The Secure-SDLC team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks.
Responsibilities
You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation and acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the Technology Risk function including, but not limited to;
Lead and support static, dynamic and security awareness services Lead development, maintenance and improvement of detection controls, security reviews, remediation activities and business unit engagements Lead S-SDLC training and guidance on security related issues Drive adoption of embedded application security controls within Software Development Life Cycle (SDLC) Lead product evaluation and help engineer tools and solutions that will facilitate the adoption of security controls across the firm Review and provide advice and consultation to business owners for the identified security issuesBasic Qualifications
Have a minimum of 5 years’ experience in information security or related field. You will use your strong technical, interpersonal, organizational, written, and verbal communication skills to interact with your internal clients locally and globally. Your knowledge of Application Security, Risk Analysis and Risk Management techniques, methodologies and governance will enable you to be an active member of the team along with your professional experience in one, or more, of the following disciplines:
Understanding of common application security vulnerabilities and controls to remediate. Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices Ability to communicate security flaws in a clear and concise manner to a broad range of audience from engineers, SMEs to senior management Ability to provide clear guidance on vulnerability remediation Expert/Advanced knowledge of Secure software development practices and frameworks Expert/Advanced knowledge of Secure Code Review and Application Security assessment Expert/Advanced knowledge of at least one major programming language (. Java, Python, Go Expert/Advanced knowledge of CI/CD platforms . Gitlab, Jenkins, BitBucket CI, Bamboo, Travis CI, Circle CI, AWS Code Commit and Deploy (or similar) Expert/Advanced knowledge of DevSecOps solutions . Static Application Security Testing (SAST) Dynamic/Interactive Application Security Testing (DAST/IAST) Software Composition Analysis (SCA) Infrastructure as Code (IaC) Container Security Mobile SecurityPreferred qualifications:
Program management skills Expert Knowledge of Cloud (AWS, GCP, Azure) and Cloud Security applicationsABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at /careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process.
-
Application Security Tooling Engineer III
1 tydzień temu
Warsaw, Polska Box Pełny etatWHAT IS BOX?Box is the world’s leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries (such as AstraZeneca, JLL, and Nationwide), to protect their data, fuel collaboration, and power critical workflows with secure, enterprise AI.By...
-
Application Security Tooling Engineer III
1 tydzień temu
Warsaw, Polska Box Pełny etatWHAT IS BOX?Box is the world’s leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries (such as AstraZeneca, JLL, and Nationwide), to protect their data, fuel collaboration, and power critical workflows with secure, enterprise AI.By...
-
Application Security Tooling Engineer III
1 miesiąc temu
Warsaw, Polska Box Pełny etatWHAT IS BOX?Box is the world’s leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries (such as AstraZeneca, JLL, and Nationwide), to protect their data, fuel collaboration, and power critical workflows with secure, enterprise AI.By...
-
Application Security Tooling Engineer III
4 tygodni temu
Warsaw, Polska Box Pełny etatWHAT IS BOX?Box is the world’s leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries (such as AstraZeneca, JLL, and Nationwide), to protect their data, fuel collaboration, and power critical workflows with secure, enterprise AI.By...
-
Warsaw, Polska Box Inc. Pełny etatApplication Security Tooling Engineer III *Our compensation structure is the base salary and equity in the form of restricted stock units. WHAT IS BOX? Box is the world’s leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries (such...
-
Security Engineer
6 dni temu
Warsaw, Polska T-Mobile Pełny etatSecurity Engineer - Security Tribe Miejsce pracy: Warszawa Technologies we use Expected AWS Python Bash PowerShell About the project T-Mobile Poland is a leader in telecommunication, dedicated to providing innovative solutions that drive growth and efficiency for our clients. Our commitment to security and integrity is at the forefront of our operations,...
-
Senior Application Security Engineer
4 tygodni temu
Warsaw, Polska DataArt Pełny etatResponsibilities Create detailed process management workflows to ensure security engineering activities are tracked, processes reviewed, policies are followed, and audit requirements are met Build trusted relationships with product engineering teams, developers, and architects, establishing yourself as a security authority with deep understanding of...
-
Security Engineer
1 tydzień temu
Warsaw, Polska T-Mobile Pełny etattechnologies-expected : AWS Python Bash PowerShell about-project : T-Mobile Poland is a leader in telecommunication, dedicated to providing innovative solutions that drive growth and efficiency for our clients. Our commitment to security and integrity is at the forefront of our operations, and we are seeking a talented Security Engineer to join our team. As...
-
Security Engineer
4 tygodni temu
Warsaw, Polska Certara Pełny etatOverview Security Engineer plays a key part for correlation rules and dashboard creation and support the rest of the team. The Security Engineer works in a team with an investigative spirit, good perception, and judgment of the security landscape. The Security Engineer will help develop our strategy for finding innovative ways to monitor our...
-
Consultant - Application Security @
2 tygodni temu
Warsaw, Polska Link Group Pełny etatBachelor's degree in software engineering or related field, or equivalent practical experience.Minimum of 5 years working as a software developer or DevOps specialist.Proficiency in English communication (CEFR Level C1).Ability to identify and address vulnerabilities listed in OWASP Top10.Knowledge of object-oriented programming languages such as Java or...
-
Network Security Engineer
1 tydzień temu
Warsaw, Polska Robert Bosch Sp. z o.o. Pełny etatNetwork Security Engineer Miejsce pracy: Warszawa Technologies we use Expected Jira Operating system Windows About the project To protect our IT assets, Bosch is segmenting its worldwide IT network with various network security technologies. To ensure compliance with our IT security guidelines, we are searching for an "IT Security Engineer", who...
-
Netwitness Sr Systems Engineer
1 miesiąc temu
Warsaw, Polska RSA Security Pełny etatThe System Engineer role is responsible for providing exemplary technical support to the sales team focusing on both a territory and named enterprise accounts. The System Engineer assists in driving new business from prospective and existing customer accounts within their respective assigned territories, and meeting and/or exceeding the sales quotas to...
-
Netwitness Sr Systems Engineer
4 tygodni temu
Warsaw, Polska RSA Security Pełny etatThe System Engineer role is responsible for providing exemplary technical support to the sales team focusing on both a territory and named enterprise accounts. The System Engineer assists in driving new business from prospective and existing customer accounts within their respective assigned territories, and meeting and/or exceeding the sales quotas to...
-
Application Security Penetration Tester
4 tygodni temu
Warsaw, Polska Vodeno Pełny etatWHAT WE DO Hi, we are Vodeno. We are innovators in the Banking-as-a-Service space. Our technology is cloud-native, and our teams work in the cloud like fish in water. Supported by a leading global equity firm and the ecosystem of nearly 90 partners, our Platform opens new opportunities for businesses across Europe to integrate financial products and services...
-
Consultant - Application Security @ Link Group
4 tygodni temu
Warsaw, Polska Link Group Pełny etatBachelor's degree in software engineering or related field, or equivalent practical experience. Minimum of 5 years working as a software developer or DevOps specialist. Proficiency in English communication (CEFR Level C1). Ability to identify and address vulnerabilities listed in OWASP Top10. Knowledge of object-oriented programming languages such as Java...
-
Network Security Engineer
2 dni temu
Warsaw, Polska Robert Bosch Sp. z o.o. Pełny etattechnologies-expected : Jira about-project : To protect our IT assets, Bosch is segmenting its worldwide IT network with various network security technologies. To ensure compliance with our IT security guidelines, we are searching for an "IT Security Engineer", who supports us evaluating customer change requests as well as the verification of existing...
-
Network Security Engineer
4 tygodni temu
Warsaw, Polska Bosch Group Pełny etatJob DescriptionJob Description:To protect our IT assets, Bosch is segmenting its worldwide IT network with various network security technologies. To ensure compliance with our IT security guidelines, we are searching for an "IT Security Engineer", who supports us evaluating customer change requests as well as the verification of existing configurations of...
-
Network Security Engineer
1 tydzień temu
Warsaw, Polska Bosch Group Pełny etatJob DescriptionTo protect our IT assets, Bosch is segmenting its worldwide IT network with various network security technologies. To ensure compliance with our IT security guidelines, we are searching for an "IT Security Engineer", who supports us evaluating customer change requests as well as the verification of existing configurations of firewalls and...
-
Network Security Engineer
4 tygodni temu
Warsaw, Polska Bosch Pełny etatJob Description : To protect our IT assets, Bosch is segmenting its worldwide IT network with various network security technologies. To ensure compliance with our IT security guidelines, we are searching for an "IT Security Engineer", who supports us evaluating customer change requests as well as the verification of existing configurations of firewalls and...
-
471 | DevSecOps/Cloud Security Engineer
4 tygodni temu
Warsaw, Polska Intetics Pełny etatIntetics Inc., an American leading global technology company providing custom software application development, distributed professional teams, software product quality assessment, and “all-things-digital” solutions, is looking for a DevSecOps/Cloud Security Engineer to join our team.About the project:As a DevSecOps/Cloud Security Engineer, you will work...
