Goldman Sachs & Co. IMD Technology - PWM Ayco Technology - App Risk in Bengaluru, Indiana


What We Do

At Goldman Sachs, our Engineers don’t just make things – we make things possible. Change the world by connecting people and capital with ideas. Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action. Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.

Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions. Want to push the limit of digital possibilities? Start here.

Who We Look For

Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.

The Private Wealth Management (PWM) business provides end to end Investment Management services and advice across a large range of asset classes for high net worth individuals. PWM leverages a global technology platform offering, an integrated suite of tools, and applications to onboard clients. Our software helps realize a client’s goals and objectives, develops and implements an integrated wealth management plan and delivers first-class client service.

This position works with the Ayco Technology Group. Founded in 1971, Ayco has become one of the nation’s leading providers of comprehensive financial management for institutions, not-for-profits, high net worth individuals and their families. Acquired by Goldman Sachs in 2003, this unique partnership has allowed Ayco to offer a wide range of financial services while maintaining a high level of customized service to customers and clients. You will join one of the most progressive Technology Risk teams in the industry, which continues to push the development of risk in preference to security within technology and the business. You will interact within the Technology and Technology Risk teams, but also gain the breadth of experience and knowledge to facilitate future career moves into other risk & control roles across the firm.


Job Summary

• Support the Technology Risk Advisory function by performing application penetration testing, educating development teams on secure coding practices, and evaluating system designs for potential weaknesses;

• Participate in Application security testing to include source code analysis, dynamic application security testing using open source and commercial tools;

• Keep pace with emerging security threats, technologies, and systems.

Basic Qualifications

• 5+ years operational experience in application vulnerability assessment as well as penetration testing of web, thick-client, thin-client or mobile applications.

• Bachelor of Science in Computer Science, System/Computer Engineering, Cyber-Security or Information Security

• Working knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.

• Development, software engineering, and scripting expertise using current languages (.Net, Java, Python, SQL, JavaScript, HTML, etc.)

• Experience in performing code review of popular web application programming languages (Java, JavaScript, C++, C#, Python, Perl, optionally Objective-C, etc.)

• Familiarity with common web stack technologies (e.g. HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g. DropWizard, AngularJS, Tomcat, .Net, Sybase, MS SQL, MongoDB, etc.)

• Understanding of core cryptography concepts (encryption, hashing, HMAC, digital signature) and how they are applied and attacked in web applications (e.g. TLS attacks, CBC attacks)

• At least one of the following certifications (or comparable): CISSP, OSCP, GIAC-GSSP, CCNA/CCNP, CPTE, CEPT

Preferred Qualification

• Proficient verbal and written communication skills.

• Experience with penetration testing tools such as Burp Suite, ZAP or similar.

• Knowledge of security risks related to web, mobile, web services, and client/server architectures.

• Experience in analyzing and decomposing application architectures to identify security gaps.

• Understand the crafting of custom proof of concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.

• Solid knowledge of network, application and operating system security risks.

• Ability to communicate and develop the integration of vulnerability testing as a critical component within SDLC.

• Experience or training in related disciplines, e.g. computer science, computer security, software development, system design, open source frameworks, encryption schemes, etc.


The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.

© The Goldman Sachs Group, Inc., 2018. All rights reserved. Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.

Job ID: 2018-42245

Schedule Type: Full Time

Level: Vice President/Executive Director

Business Unit: PWM Technology

Employment Type: Employee