Tech Risk – Threat Hunter – Engineering – Associate
Dallas, Texas, United States
Goldman Sachs
The Goldman Sachs Group, Inc. is a leading global investment banking, securities, and asset and wealth management firm that provides a wide range of financial services.
WHO WE ARE
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA.
Within Technology Risk, the Global Cyber Defense and Intelligence (GCDI) team identifies malicious activity, manages the lifecycle of vulnerabilities within GS technologies, and investigates and manages threats across the firm. We are a team of security, software, and product engineers that allows the firm to respond appropriately to firm risks through the use of detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm.
Goldman Sachs has one of the most progressive Technology Risk teams in the industry and is continuing to push the development of risk in preference to security within technology and the business. Year on year success has led the team to work deeper into the organization and gain valuable insights into how technology needs to function, what its risk really is and how this impacts the business.
YOUR IMPACT
In this position you will work alongside incident responders, security engineers, and firm leadership to respond, manage, and mitigate cyber threats. You will be a key addition to the Threat Hunting team, which is focused on proactively identifying threats using data analysis and investigative techniques. You will also drive improvement to the organization’s overall security posture through technical analysis of threat actor behaviors, controls assessments and more.
HOW YOU WILL FULFILL YOUR POTENTIAL
Your responsibilities will include proactively hunting in extensive log sets on a wide variety of platforms to identify and investigate previously undetected internal and external threat activity that poses a risk to the organization. To support this, you will also be responsible for transforming the latest cyber threat intelligence into hypotheses for hunting across our environment and advocating for improvements to our preventive and detective control posture as a result of findings identified in your hunting activities. This role offers you a unique opportunity to continuously stretch your technical skills by hands-on hunting for the latest threat actor techniques, whilst also owning strategic projects that see you working closely with other cybersecurity and Engineering functions to improve the organization’s overall security posture.
Responsibilities include:
Leveraging large volumes of security sensor log data to proactively hunt for previously undetected internal and external threats across multiple platforms
Researching and simulating adversarial tactics, techniques, and procedures (TTPs) to conduct a technical assessment of the likely impact of these internal and external threat actors
Supporting priority incident investigations with hunting expertise to identify the extent of any potential compromise
Enabling an industry-leading cyber defense program by working closely with other technical, vulnerability management, incident management, intelligence and forensic personnel to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors, and ultimately drive improvement to the organization’s overall security posture
BASIC QUALIFICATIONS
Experience conducting threat hunting with multiple data sources using common hunt methodologies and tooling
Experience scripting, automated hunting, and building connectors to APIs and data repositories
Broad understanding of Windows and Linux operating systems and networking protocols
Public cloud experience
Detail oriented
Proven verbal and written communication skills, with an ability to clearly explain complex technical challenges
PREFERRED QUALIFICATIONS
3-6+ years of relevant cybersecurity experience in threat hunting, incident response, or forensics
Expertise in cyber threat hunting, investigations
Experience with scripting and data analysis
#TechRiskCybersecurity
ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and Firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
Tags: APIs Banking CISO Cloud Cyber defense Finance Forensics Incident response Linux Scripting Threat intelligence TTPs Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Team events