Application Security Engineer
6 miesięcy temu
Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.
Role
In this role, you will join the global Secure SDLC (S-SDLC) team within Technology Risk – the team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks. You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team as well as other divisions within the firm.
The ideal candidate should have experience of integrating, and tuning, software security controls within continuous deployment SDLC, ability to review, triage and remediate findings by interfacing with the Business Units and help raise developer security awareness.
RESPONSIBILITIES AND QUALIFICATIONS
The Secure-SDLC team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks.
Responsibilities
You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation and acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the Technology Risk function including, but not limited to;
Lead and support static, dynamic and security awareness services Lead development, maintenance and improvement of detection controls, security reviews, remediation activities and business unit engagements Lead S-SDLC training and guidance on security related issues Drive adoption of embedded application security controls within Software Development Life Cycle (SDLC) Lead product evaluation and help engineer tools and solutions that will facilitate the adoption of security controls across the firm Review and provide advice and consultation to business owners for the identified security issuesBasic Qualifications
Have a minimum of 5 years’ experience in information security or related field. You will use your strong technical, interpersonal, organizational, written, and verbal communication skills to interact with your internal clients locally and globally. Your knowledge of Application Security, Risk Analysis and Risk Management techniques, methodologies and governance will enable you to be an active member of the team along with your professional experience in one, or more, of the following disciplines:
Understanding of common application security vulnerabilities and controls to remediate. Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices Ability to communicate security flaws in a clear and concise manner to a broad range of audience from engineers, SMEs to senior management Ability to provide clear guidance on vulnerability remediation Expert/Advanced knowledge of Secure software development practices and frameworks Expert/Advanced knowledge of Secure Code Review and Application Security assessment Expert/Advanced knowledge of at least one major programming language (. Java, Python, Go Expert/Advanced knowledge of CI/CD platforms . Gitlab, Jenkins, BitBucket CI, Bamboo, Travis CI, Circle CI, AWS Code Commit and Deploy (or similar) Expert/Advanced knowledge of DevSecOps solutions . Static Application Security Testing (SAST) Dynamic/Interactive Application Security Testing (DAST/IAST) Software Composition Analysis (SCA) Infrastructure as Code (IaC) Container Security Mobile SecurityPreferred qualifications:
Program management skills Expert Knowledge of Cloud (AWS, GCP, Azure) and Cloud Security applicationsABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at /careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process.
-
Application Security Tooling Engineer III
1 miesiąc temu
Warsaw, Polska myGwork Pełny etatThis job is with Box, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly. WHAT IS BOX? Box is the world's leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders...
-
Application Security Tooling Engineer III
4 tygodni temu
Warsaw, Polska myGwork Pełny etatJob DescriptionThis role is with Box, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.What is Box?Box is the world's leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500...
-
Application Security Tooling Engineer III
5 miesięcy temu
Warsaw, Polska Box Pełny etatWHAT IS BOX?Box is the world’s leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries (such as AstraZeneca, JLL, and Nationwide), to protect their data, fuel collaboration, and power critical workflows with secure, enterprise AI.By...
-
Senior Cloud Application Security Engineer
1 miesiąc temu
Warsaw, Polska Sportradar Pełny etatJob DescriptionSenior Cloud Application Security EngineerLocation: Warsaw (Hybrid) or Anywhere from Poland (Remote)Sportradar is the leading global provider of sports data and entertainment products and services. Since 2001, we have occupied a unique position at the intersection of the sports, media and betting industries; providing sports federations, news...
-
Senior Cloud Application Security Engineer
1 miesiąc temu
Warsaw, Polska Sportradar Polska Sp. z o.o. Pełny etattechnologies-expected : Java .NET Python JavaScript AWS Kubernetes Protobuf gRPC GraphQL MySQL Kafka technologies-optional : Google Cloud Platform about-project : The Senior Cloud Application Security Development professional will be part of the Secure Software Development team within Product Security, dedicated to fixing identified application-level...
-
Product Security Engineer
4 tygodni temu
Warsaw, Polska myGwork Pełny etatThis job is with Warner Bros. Discovery, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly. Welcome to Warner Bros. Discovery... the stuff dreams are made of. Who We Are... When we say, "the stuff dreams are made of," we're not just referring to the...
-
Copy of Senior Cloud Application Security Engineer
2 tygodni temu
Warsaw, Polska Sportradar Pełny etatJob DescriptionSenior Cloud Application Security EngineerLocation: Warsaw (Hybrid) or Anywhere from Poland (Remote)Sportradar is the leading global provider of sports data and entertainment products and services. Since 2001, we have occupied a unique position at the intersection of the sports, media and betting industries; providing sports federations, news...
-
Security Engineer
1 miesiąc temu
Warsaw, Polska HIRELY Pełny etatSpółkę HIRELY tworzą profesjonaliści, którzy posiadają wiele lat doświadczenia w takich obszarach jak: IT, BI, zarządzanie projektami i przedsiębiorstwami. Cechuje nas wysoka jakość i efektywność realizowanych projektów poprzez właściwe dopasowanie kandydata do profilu poszukiwanego stanowiska i kultury organizacyjnej panującej w...
-
Senior Network Security Engineer
4 tygodni temu
Warsaw, Polska Robert Bosch Sp. z o.o. Pełny etatJob Title: Senior Network Security EngineerRobert Bosch Sp. z o.o. is seeking a highly skilled Senior Network Security Engineer to join our team.Job Summary:We are looking for a seasoned Network Security Engineer to implement and operate solutions that meet our internal customers' needs. The ideal candidate will have a strong background in network...
-
Security Engineer
2 miesięcy temu
Warsaw, Polska The Stepstone Group Pełny etatJob Description Your responsibilities CI/CD Integration: Develop and integrate security tools into our CI/CD pipelines to automate security testing, code analysis, and vulnerability scanning throughout the development lifecycle. Threat Modeling Automation: Create and maintain automated threat modeling processes to identify and assess potential...
-
Senior Consultant in Application Security
2 miesięcy temu
Warsaw, Polska Deloitte Pełny etatDescription & Requirements Who we are looking for We are looking for a candidate experienced with Security & GRC, dedicated to develop further in these areas and use his/her experience to advise our clients. The candidate will play a key role in handling client engagements, as well as utilizing strong technical experience to find solutions that best...
-
Cloud Security Engineer
2 tygodni temu
Warsaw, Polska Fusion Consulting Pełny etatJob DescriptionSecurity / Cloud Security EngineerWe are looking for a dedicated Security / Cloud Security Engineer to safeguard our cloud and on-premise infrastructures, ensuring they meet top-tier security standards and comply with regulatory and company policies. This role involves implementing security best practices across both environments, managing...
-
Information Security Engineer
2 miesięcy temu
Warsaw, Polska Sportradar Pełny etatJob DescriptionOVERVIEW: The Security Engineering squad is a group of security engineers with the clear mission to enable IT Security and Information Security processes by internally providing specialized services. The squad acts as an internal service provider supporting both security focused teams and other business units. As Subject Matter Experts...
-
Senior Network Security Engineer
5 miesięcy temu
Warsaw, Polska Robert Bosch Sp. z o.o. Pełny etattechnologies-expected : Python Ansible Git responsibilities : Senior Network Security Engineer responsible for implementing and operating solutions to meet our internal customers needs Responsible for operations and optimization of Bosch''s worldwide Loadbalancer, Secure Web gateway(Proxy) and Web Application Firewall Infrastructure Be a part of a strategic...
-
Information Security Engineer
1 tydzień temu
Warsaw, Polska Sportradar Pełny etatJob DescriptionOVERVIEW: The Security Engineering squad is a group of security engineers with the clear mission to enable IT Security and Information Security processes by internally providing specialized services. The squad acts as an internal service provider supporting both security focused teams and other business units. As Subject Matter Experts...
-
Security Tooling Engineer II
6 miesięcy temu
Warsaw, Polska Box Pełny etatWHAT IS BOX?Box is the world’s leading Content Cloud. We are trusted by more than 115K organizations around the world today, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries (such as AstraZeneca, JLL, and Nationwide), to protect their data, fuel collaboration, and power critical workflows with secure, enterprise AI.By...
-
Global IT Security Engineer
4 miesięcy temu
Warsaw, Polska GOLDMAN RECRUITMENT Pełny etatFor our client global manufacturing company we are looking for candidates for a position of Global IT Security Engineer.Responsibilities:develop and maintain a comprehensive IT security strategy that aligns with organizational goals,conduct security assessments and audits, identify vulnerabilities, and prioritize remediation based on potential business...
-
Senior Information Security Engineer
1 tydzień temu
Warsaw, Polska Sportradar Pełny etatJob DescriptionJoin Our Team as a Senior Security Engineer at Sportradar! Are you ready to elevate your career in one of the fastest-growing sectors in the digital sports environment? At Sportradar, we provide a platform for you to gain international recognition for your expertise while working alongside industry leaders. This is more than just a job –...
-
Product Security Specialist
4 tygodni temu
Warsaw, Polska myGwork Pełny etatProduct Security SpecialistWarner Bros. Discovery is seeking a Product Security Specialist to join our Global Information and Content Security team. As a key member of our team, you will work closely with Direct to Consumer (DTC) teams to design and deploy appropriate, risk-based application security safeguards and technical application security controls to...
-
Application Support Engineer L2
6 miesięcy temu
Warsaw, Polska PAYBACK Pełny etatAs 2nd Level Application Support Engineer you will work in an international environment with development colleagues to ensure Application availability for PAYBACK Italy, Austria and Poland. Your responsibilities: Application support Engineer 2nd Level working in DevOps model. Good verbal and written communication skills. Good...
