Tech Risk – Global Cyber Defense & Intelligence – Vulnerability Response – Associate
Dallas, Texas, United States
Goldman Sachs
The Goldman Sachs Group, Inc. is a leading global investment banking, securities, and asset and wealth management firm that provides a wide range of financial services.
WHO WE ARE
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA.
Within Technology Risk, the Global Cyber Defense & Intelligence (GCDI) team identifies malicious activity, manages the lifecycle of vulnerabilities within GS technologies, and investigates and manages threats across the firm. We are a team of security, software, and product engineers that allow the firm to respond appropriately to firm risks through the use of detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm. The Vulnerability Response (VR) team within GCDI performs one of the most critical security and risk functions at the firm – detecting vulnerabilities in our technology and ensuring their remediation before they can be exploited by malicious hackers.
Goldman Sachs has one of the most progressive Technology Risk teams in the industry and is continuing to push the development of risk in preference to security within technology and the business. Year on year success has led the team to work deeper into the organization and gain valuable insights into how technology needs to function, what its risk really is and how this impacts the business.
YOUR IMPACT
You will be a key addition to the Vulnerability Response team, which continuously strives to contribute immensely to the betterment of the overall security posture of the organization. This role will offer you a great platform to apply your knowledge and skills as well as an opportunity to engage with key stakeholders within the organization to consistently improve the program through various activities such as vulnerability discovery, risk assessment, tracking, and reporting.
HOW YOU WILL FULFILL YOUR POTENTIAL
In this role, you will be part of a well-established Vulnerability Response team and will be responsible for driving various activities to ensure the successful detection, review, and remediation of vulnerabilities. This includes applying your analytical, reasoning, and specialized technical security expertise to investigate, isolate and track network and security vulnerabilities, false positive identification, and engagement with various teams for remediation activities.
The ideal candidate should have strong experience performing vulnerability assessments and penetration tests for large enterprises. The candidate will also have deep expertise in vulnerability triaging and supporting large scale vulnerability management programs.
RESPONSIBILITIES
- Execute and support the firm’s global Vulnerability Response program as part of the team within Technology Risk.
- Collaborate extensively with the firm’s engineering teams (across both business applications and core infrastructure) to help them understand their software, infrastructure and cloud related vulnerabilities and collectively develop risk mitigation strategies.
- Tactically guide the Vulnerability Response plan, to coordinate, monitor and support activities in the areas of the VR program, security patch and remediation management.
- Provide risk assessment and remediation expertise for vulnerability remediation for on-premise and cloud-based infrastructure.
- Execution of processes and procedures in support of the vulnerability management lifecycle from identification, triaging, reporting to remediation.
- Provide risk assessment input into patch management policies and activities for multiple platforms across the firm.
- Maintain an understanding of current and emerging threats, vulnerabilities, and trends.
- Support the development and reporting of key metrics and reporting for the program.
Basic Qualifications
- Clear communication skills, both verbal and written, including the ability to clearly articulate technical vulnerabilities and associated risks to both technical and non-technical audiences.
- Strong project and program management skills, including the ability to lead and uplift projects from start to finish with autonomy and attention to details.
- Experience working within a vulnerability management or related program in a complex and diverse global environment.
- Experience with cloud infrastructure-based vulnerability management methodologies and programs.
- Knowledge of SSDLC methodologies and integrating security into CI/CD pipelines.
- Experience with industry standard patch management and vulnerability management tools and techniques.
- A passion for, and deep understanding of, the technical aspects of information security with particular focus on vulnerability and threat management.
Preferred Experience/Qualifications
- Bachelor’s degree or higher preferred.
- Experience in managing large scale response/remediation efforts across organizations with heterogeneous technology stacks.
- Experience using industry standard vulnerability assessment and management tools (such as Nmap, Nessus, Splunk, Prisma or Qualys, ASM tools) and interpreting, analyzing and assessing their data output.
- Experience working as part of a global team.
- Significant application, infrastructure or cloud security experience, including penetration testing, hardware/network assessments, and risk assessments.
ABOUT GOLDMAN SACHS
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html
© The Goldman Sachs Group, Inc., 2021. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Veteran/Sexual Orientation/Gender Identity