Wealth Management-Albany-Associate-Security Engineering

Security Engineer

What We Do

At Goldman Sachs, our Engineers don’t just make things – we make things possible.  Change the world by connecting people and capital with ideas.  Solve the most challenging and pressing engineering problems for our clients.  Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action.  Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.

Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions.  Want to push the limit of digital possibilities?  Start here.

Who We Look For

Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.

Asset & Wealth Management Engineering 

Across Wealth Management, Goldman Sachs helps empower clients and customers around the world to reach their financial goals. Our advisor-led wealth management businesses provide financial planning, investment management, banking and comprehensive advice to a wide range of clients, including ultra-high net worth and high net worth individuals, as well as family offices, foundations and endowments, and corporations and their employees. Our consumer business provides digital solutions for customers to better spend, borrow, invest, and save. Across Wealth Management, our growth is driven by a relentless focus on our people, our clients and customers, and leading-edge technology, data and design.

Job Duties: 

• Responsible for performing security assessments of business-initiated projects helping to drive adoption of application and infrastructure security controls and best practices.
• Ensure security and privacy by design, including design process improvements, assessment of controls, data models, cryptographic implementation, and compliance and regulatory needs.
• Collaborate with technical teams on major technology initiatives to ensure security exists at the outset of a design or project.
• Advise on leading edge engineering to protect the firm’s network from security risks related to client/server architectures, Cloud architectures, web services and mobile applications.
• Drive implementation of security controls in various platforms by working with technology infrastructure teams.
• Collaborate with the global team to continually operate and improve a world-class cyber program by providing input into the uplift of sensory tools, detection tuning, and access to data sources to increase detection effectiveness.
• Convey complicated technical analyses via comprehensive presentations.
• Communicate status and risks in a succinct, direct, and open manner for proper issue management life cycle tracking.
• Review security controls and how they apply to different designs and systems in order to identify security gaps.
• Highlight and articulate risk to developers or engineers.
• Develop, build, and implement data analytic solutions using tools such as SQL and Tableau to analyze data to improve audit efficiency and effectiveness, including for risk assessments. 
• Analyze the business and technology processes to evaluate the effectiveness of the relevant technology controls by comparing system features to business and technology requirements, as well as Federal Reserve, New York State Department of Financial Services, and Comptroller of the Currency consumer regulations. 
• Perform assessments of technologies leveraging common web stack technologies such as Java. 
• Perform controls testing, such as secure development, network security, and segregation, including evaluating if security vulnerabilities are properly identified and mitigated.

Minimum education requirements/degree and field & minimum years of experience required: 

Master’s degree (U.S. or foreign equivalent) in Cyber Security, Cybersecurity and Networks, Computer Science, Computer Engineering, or a related field and one (1) year of experience in the job offered or a related Security Engineering role.

OR

Bachelor’s degree (U.S. or foreign equivalent) in Cyber Security, Cybersecurity and Networks, Computer Science, Computer Engineering, or a related field and three (3) years of experience in the job offered or a related Security Engineering role. 

Special Skills and/or Licenses Required to Perform the Job:

r employment must include one (1) year of experience (with a Master’s degree) or three (3) years of experience (with a Bachelor’s degree) with:

• Technical understanding of both application and infrastructure architecture and security (on premise and Cloud).
• Working with application security best practices including OWASP and CWE.
• Working with application security vulnerabilities and controls to remediate risks.
• Assessing and mitigating software security threat vectors, threat modeling, attack surface analysis, security design reviews, source code reviews, penetration testing or vulnerability assessments.
• Working in shift left environment to help embed security in Design phase to implement security controls within system architecture. 
• Conducting infrastructure or application security risk assessments.

Salary Range 
The expected base salary for this Albany, New York, United States-based position is $95000-$145000. In addition, you may be eligible for a discretionary bonus if you are an active employee as of fiscal year-end.

Benefits 
Goldman Sachs is committed to providing our people with valuable and competitive benefits and wellness offerings, as it is a core part of providing a strong overall employee experience. A summary of these offerings, which are generally available to active, non-temporary, full-time and part-time US employees who work at least 20 hours per week, can be found here.