Engineering-Bengaluru-Vice President-Security Engineering in Bengaluru at honor foundations

Date Posted: 9/2/2024

Job Description

WHO WE ARE

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India and EMEA. Within Technology Risk, the Global Cyber Defense and Intelligence (GCDI) team identifies malicious activity, manages the lifecycle of vulnerabilities within GS technologies, and investigates and manages threats across the firm. We are a team of security, software, and product engineers who allow the firm to respond appropriately to firm risks using detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm.

YOUR IMPACT

In this role, you will have the opportunity to significantly enhance the organization's security posture by being part of the Security Orchestration and Automated Response (SOAR) program to automate and streamline incident response, reducing reaction times and improving overall threat management efficiency. Technical expertise and leadership will drive continuous improvement, ensuring robust protection against evolving cyber threats.

HOW YOU WILL FULFILL YOUR POTENTIAL

As a Security Engineer in GCDI’s Threat Management Center, you will be an integral part of a technical team that is responsible for providing the GCDI organization with security sensors and data sets that increase awareness of current and potential cyber threats. This role offers the chance to fully harness and expand your technical expertise in advanced SOAR technologies, driving critical security initiatives that directly impact the organization’s resilience against cyber threats. The position also provides continuous exposure to the latest innovations in automated threat response, allowing you to stay ahead of emerging threats and industry trends. This will not only solidify your standing as an expert in the field but also open up opportunities for further career growth and influence within the cybersecurity domain.

Job Responsibilities:

  • Enable a world-class cyber defense program by working closely with other technical, incident management, and forensic personnel to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors.
  • Work at the forefront of designing an innovative threat and security incident management solution.
  • Lead the design, implementation, and continuous improvement of the SOAR program to enhance security operations and incident response capabilities.
  • Develop and optimize SOAR playbooks, integrating various security tools and platforms to automate threat detection, incident response, and remediation processes.
  • Coordinate and lead incident response activities, ensuring timely and effective mitigation of security incidents through automation and orchestration.
  • Work closely with cross-functional teams, including SOC, IT, DevOps, and Risk Management, to align SOAR capabilities with organizational security objectives.
  • Oversee the integration of SOAR with other security technologies such as SIEM, IDS/IPS, firewalls, EDR, and threat intelligence platforms.
  • Customize SOAR workflows, scripts, and connectors to meet the specific needs of the organization, ensuring seamless interoperability between systems.
  • Define and monitor key performance indicators (KPIs) to measure the effectiveness of the SOAR program, and report findings to senior management.
  • Provide technical guidance and mentorship to security analysts, fostering a culture of continuous learning and development within the team.
  • Manage relationships with SOAR vendors and service providers, ensuring the organization’s requirements are met and emerging technologies are leveraged.
  • Ensure the SOAR program aligns with industry standards, regulatory requirements, and cybersecurity best practices.

Basic Qualifications:

  • Strong verbal and written communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders.
  • Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges.
  • In-depth understanding of security frameworks (MITRE ATT&CK, NIST), threat intelligence, and automation strategies.
  • Strong sense of ownership and driven to manage tasks to completion.
  • Proficient scripting skills utilizing both Python and PowerShell.

Preferred qualifications:

  • 7+ years of experience in cybersecurity, with at least 3 years focused on SOAR technologies and incident response. 
  • Proficiency in SOAR platforms (e.g., Splunk Phantom, Demisto, Siemplify), scripting languages (Python, PowerShell), and integration with security tools (SIEM, EDR, etc.).
  • Knowledge of conducting incident response within a major public cloud (i.e., AWS, Google, Azure).
  • At least one of the following certifications: GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, GCFR.

#TechRiskCybersecurity

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world. 

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers. 

We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html

© The Goldman Sachs Group, Inc., 2023. All rights reserved.

Goldman Sachs is an equal employment/affirmative action employer
