- Lead and support static, dynamic and security awareness services
- Lead development, maintenance and improvement of detection controls, security reviews, remediation activities and business unit engagements
- Lead S-SDLC training and guidance on security related issues
- Drive adoption of embedded application security controls within Software Development Life Cycle (SDLC)
- Lead product evaluation and help engineer tools and solutions that will facilitate the adoption of security controls across the firm
- Review and provide advice and consultation to business owners for the identified security issues
- Understanding of common application security vulnerabilities and controls to remediate.
- Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices
- Ability to communicate security flaws in a clear and concise manner to a broad range of audience from engineers, SMEs to senior management
- Ability to provide clear guidance on vulnerability remediation
- Expert/Advanced knowledge of Secure software development practices and frameworks
- Expert/Advanced knowledge of Secure Code Review and Application Security assessment
- Expert/Advanced knowledge of at least one major programming language (. Java, Python, Go
- Expert/Advanced knowledge of CI/CD platforms . Gitlab, Jenkins, BitBucket CI, Bamboo, Travis CI, Circle CI, AWS Code Commit and Deploy (or similar)
- Expert/Advanced knowledge of DevSecOps solutions . Static Application Security Testing (SAST) Dynamic/Interactive Application Security Testing (DAST/IAST) Software Composition Analysis (SCA) Infrastructure as Code (IaC) Container Security Mobile Security
- Program management skills
- Expert Knowledge of Cloud (AWS, GCP, Azure) and Cloud Security applications
ABOUT GOLDMAN SACHS -
Network Security Engineer
1 dzień temu
Teamquest Sp. Z O.o. Warsaw, Polska W pełnym wymiarze godzinNasz klient to dynamicznie rozwijająca się firma doradcza i technologiczna, która od ponad 25 lat wspiera branżę ubezpieczeniową w transformacji cyfrowej. · Dzięki zaufaniu najważniejszych światowych firm technologicznych, nasz klient oferuje kompleksowe usługi w zakresie doradzt ...
-
Network Security Engineer @
6 dni temu
Link Group Warsaw, Polska W pełnym wymiarze godzinBiegła znajomość koncepcji, protokołów i technologii związanych z bezpieczeństwem sieciowym (np. · TCP/IP, DNS, VPN, SSL/IPSec, NGFW, IDS/IPS, NAC, Proxy) Doświadczenie w wdrażaniu rozwiązań związanych z segmentacją sieciową, np. · firewalli zonalnych, mikrosegmentacji Doświadcze ...
-
Cloud Security Engineer
45 minut temu
in4ge Warsaw, PolskaTwoja rola: · Projektowanie, wdrażanie i utrzymywanie rozwiązań związanych z bezpieczeństwem w infrastrukturze chmurowej · Monitorowanie bezpieczeństwa, wykrywanie i reagowanie na incydenty zagrożenia · Audytowanie i testowanie podatności systemów chmurowych na zagrożenia · Tworz ...
-
Junior Security Operations Engineer
1 tydzień temu
7n Sp. Z O.o. Warsaw, Polska W pełnym wymiarze godzinTechnologies-expected : Mac OS Unix GCP AWS Kubernetes SIEM technologies-optional : Python about-project : Poszukujemy Junior Sec Ops Engineera dla naszego klienta, jednego z największych banków w Wielkiej Brytanii z siedzibą w Londynie. · Firma oferuje rozwiązania zapewniające u ...
-
Remote Security Engineer
4 dni temu
Connectis Centrum, Warszawa, Polska W pełnym wymiarze godzinWspólnie z naszym Partnerem, globalną prywatną wytwarzającą produkty konsumenckie oraz artykuły przemysłowe poszukujemy specjalisty na stanowisko Security Engineera. Nasz Partner skupia się na linii produktów z własną marką oraz markami prywatnymi obsługujące rynki instytucjonaln ...
-
Cyber Security Engineer
5 dni temu
XTB Prosta , Warszawa, Polska W pełnym wymiarze godzinSzukamy osoby do działu bezpieczeństwa IT w XTB, która będzie współpracowała z zespołami wytwórczymi nad podniesieniem kultury bezpieczeństwa w wytwarzaniu oprogramowania. · XTB to przede wszystkim innowacyjność i ciągły rozwój. Tworzymy największą regulowaną firmę inwestycyjną i ...
-
Senior Security Engineer
2 dni temu
MANGOPAY -, Warszawa, Polska W pełnym wymiarze godzinAt Mangopay, our mission is to power the payment infrastructure and payment operations of the world's biggest and most exciting marketplaces & platforms. · We provide marketplaces and platforms with powerful modular payment and regulatory solutions. Since 2013, we have enabled th ...
-
Security Lead Engineer
3 dni temu
Relout Sp. Z O.o. Warsaw, Polska W pełnym wymiarze godzinTechnologies-expected : AWS Linux Docker Serverless technologies-optional : Python Type Script about-project : We are currently looking for a Security Lead Engineer, willing to join a project for our strategic client – one of the largest manufacturing companies from Sweden, offe ...
-
Cloud Security Engineer
3 dni temu
Mindbox S.a. Warsaw, Polska W pełnym wymiarze godzinTechnologies-expected : AWS Google Cloud Platform Terraform Kubernetes about-project : We're looking for a Cloud security engineer to join our Client's growing Technology team. · Working within the security team you'll play a key part in securing their cloud native Iaa S and Paa ...
-
Security Engineering Manager
1 tydzień temu
DLA Piper Warsaw, PolskaThe role · The Security Engineering team is responsible for supporting our Security Operations team by leading the configuration, selection, maintenance and development of essential security technologies that continue to mature our ability to detect, investigate and mitigate thre ...
-
O365 Security Engineer
1 tydzień temu
Dun & Bradstree Warsaw, Polska Employee: W pełnym wymiarze godzinWhy We Work at Dun & Bradstreet Dun & Bradstreet unlocks the power of data through analytics, creating a better tomorrow. Each day, we are finding new ways to strengthen our award-winning culture and accelerate creativity, innovation and growth. Our 6,500+ global team members are ...
-
Cloud Security Engineer
1 tydzień temu
Michael Page Warsaw, PolskaWork closely with the Cloud Security Architects to implement our cloud reference architecture · Work with IT team, as well as with business owners of cloud applications to implement reference architecture to meet business requirements · Integrate with cloud projects and verify th ...
-
Cloud Security Engineer @
1 tydzień temu
Avenga Warsaw, Polska W pełnym wymiarze godzin5+ years of experience on similar position Excellent knowledge of AWS and/or GCP Iaa S and Paa S Experience of designing secure cloud environments Strong understanding of cloud security tooling and monitoring capabilities Automation and scripting experience Experience with Terraf ...
-
Cyber Security Engineer
45 minut temu
Bosch Warsaw, Polska W pełnym wymiarze godzinJob Description · Tasks: · Automate security event handling processes in collaboration with incident response, threat intelligence and SOC teams · Look for possibilities for improvements, propose and finally implement them · Close collaboration with experts in Poland, Germany, I ...
-
Offensive Security Engineer
1 tydzień temu
C.H. Robinson Warsaw, Polska W pełnym wymiarze godzinC.H. Robinson is seeking an to join our Warsaw office/global team. In this role, you'll lead red team exercises, fortifying our applications' security. Your expertise will integrate offensive security practices into our SDLC, identifying vulnerabilities and bolstering our dig ...
-
Cyber Security Engineer
1 tydzień temu
Bosch Warsaw, Polska W pełnym wymiarze godzinJob Description · Tasks: · Develop and maintain cyber security tools (Python, Shell) · Automate cyber security processes (Python, SQL, Ansible, Terraform, Azure DevOps) · Monitor and analyze cyber security operations · Integrate tools and applications used in cyber security orga ...
-
Security Tooling Engineer Ii @
20 godzin temu
Box Inc. Warsaw, Polska W pełnym wymiarze godzinSecurity Tooling Engineer II *Our compensation structure is the base salary and equity in the form of restricted stock units. · WHAT IS BOX? Box is the market leader for Cloud Content Management. · Our mission is to power how the world works together. · Box is partnering with ent ...
-
Supply Chain Security Engineer
1 tydzień temu
Citi Warsaw, Polska W pełnym wymiarze godzinWe are excited to announce an opening for a Software Supply Chain Security Senior Engineer empathetic with the challenges that development teams face in delivering software in large, heterogeneous organizations. If you are passionate about engineering excellence and building the ...
-
Senior Network Security Engineer
5 dni temu
Robert Bosch Sp. Z O.o. Warsaw, Polska W pełnym wymiarze godzinSenior Network Security Engineer Miejsce pracy: Warszawa Technologies we use Expected Python Ansible Operating system Windows Linux Your responsibilities Join our global team to help design, implement, improve and operate our worldwide Internet Breakouts as well as the VPN Servic ...
-
Security Tooling Engineer II
3 dni temu
Box Warsaw, PolskaWHAT IS BOX?Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collabo ...
Application Security Engineer - Warsaw, Polska - Goldman Sachs
Opis
Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.
Role
In this role, you will join the global Secure SDLC (S-SDLC) team within Technology Risk – the team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks. You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team as well as other divisions within the firm.
The ideal candidate should have experience of integrating, and tuning, software security controls within continuous deployment SDLC, ability to review, triage and remediate findings by interfacing with the Business Units and help raise developer security awareness.
RESPONSIBILITIES AND QUALIFICATIONS
The Secure-SDLC team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks.
Responsibilities
You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation and acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the Technology Risk function including, but not limited to;
Basic Qualifications
Have a minimum of 5 years' experience in information security or related field. You will use your strong technical, interpersonal, organizational, written, and verbal communication skills to interact with your internal clients locally and globally. Your knowledge of Application Security, Risk Analysis and Risk Management techniques, methodologies and governance will enable you to be an active member of the team along with your professional experience in one, or more, of the following disciplines:
Preferred qualifications:
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at /careers.
We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process.