Job Description

:WHO WE ARELed by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Global Cyber Defense and Intelligence (GCDI) team identifies malicious activity, manages the lifecycle of vulnerabilities within GS technologies, and investigates and manages threats across the firm. We are a team of security, software, and product engineers that allow the firm to respond appropriately to firm risks using detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm.YOUR IMPACTIn this role, you will join an advanced threat detection and response team, drive proactive identification of threats within the organization, provide rapid response, develop detections by pivoting large data streams, leveraging analytic techniques such as Standard deviation, Simple matching, Stack counting, Outlier detection, Regex, Entity-Based, and Event-based.HOW YOU WILL FULFILL YOUR POTENTIALAs a Security Engineer in GCDI\'s Threat Management Center, you will be an integral part of a technical team that is responsible for providing the GCDI organization with security sensors and data sets that increase awareness of current and potential Cyber Threats. The ideal candidate should be someone with cyber security experience, hands-on technical skills on Windows, Linux and Network security, along with experience in utilizing security information for detection engineering, live intrusions and triage security events in real-time. You will conduct cyber event and incident response investigations and remediate security gaps using world-class security tooling. You will also have opportunities to automate incident response workflows and remediation activities in order to increase the efficacy of our incident response efforts.Job Responsibilities:

• Enable a world-class cyber defense program by working closely with other technical, incident management, and forensic personnel to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors
• Work at the forefront of designing an innovative threat and security incident management solution
• Coordinate and triage response to cybersecurity events and conduct forensic analysis
• Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach
• Perform host-based and network forensic investigations, determining the cause of the security incident and preserving evidence for potential legal action
• Participate in a 24x7 coverage model to prevent and remediate security threats against Goldman Sachs\' global business network
• Contribute to improve the efficiency of the Security sensors by looking for opportunity to tune the security controls to adjust to the ever-evolving security threat land scape
• Effectively lead the security projects/tasks assigned by taking ownership of planning, implementation & coordination
• Experience in developing use cases based on adversarial tactics, techniques and procedures (TTPs), and tuning event detection rules to optimize detection efficacy

Basic Qualifications:

• Strong verbal and written communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders.
• Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security challenges.
• In-depth understanding of security frameworks (MITRE ATT&CK, NIST), threat intelligence, and automation strategies.
• Strong sense of ownership and driven to manage tasks to completion
• Proficient scripting skills utilizing both Python and PowerShell

Preferred qualifications:

• 1+ years of experience in cybersecurity
• Proficiency in scripting languages (Python, PowerShell), and other security tools (SIEM, EDR, etc.).
• Knowledge conducting incident response within a major public cloud (i.e. AWS, Google, Azure)
• At least one of the following certifications: GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, GCFR

#TechRiskCybersecurityABOUT GOLDMAN SACHSAt Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.We believe who you are makes you better at what you do. We\'re committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.We\'re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more:\xc2\xa9 The Goldman Sachs Group, Inc., 2023. All rights reserved.Goldman Sachs is an equal employment/affirmative action employer

Goldman Sachs