Miejsca pracy
>
Warsaw

    Application Security Engineer - Warsaw, Polska - Goldman Sachs

    Goldman Sachs
    Goldman Sachs Warsaw, Polska

    4 godziny temu

    Goldman Sachs background
    Opis

    Business Unit Overview

    Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, Advisory is the consultative and technology subject matter expertise arm, responsible for assessing new technology initiatives for risk, partnering with engineers to architect and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing controls for our transition to building native public cloud applications.

    Role

    In this role, you will join the global Secure SDLC (S-SDLC) team within Technology Risk – the team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks. You will interact with all parts of the firm giving you the opportunity to grow within the Technology Risk team as well as other divisions within the firm.

    The ideal candidate should have experience of integrating, and tuning, software security controls within continuous deployment SDLC, ability to review, triage and remediate findings by interfacing with the Business Units and help raise developer security awareness.

    RESPONSIBILITIES AND QUALIFICATIONS

    The Secure-SDLC team is responsible for the identification of software security flaws, along with providing security assurance advice and guidance to the engineers to help them manage application risks.

    Responsibilities

    You will become a highly committed trusted Risk Advisor with the discipline and interpersonal skills to work in a global environment communicating the impact of technology risks and the approach to mitigation and acceptance. You will provide Technology Risk Advisory risk assessment and advisory services to engineers as part of the Technology Risk function including, but not limited to;

  • Lead and support static, dynamic and security awareness services
  • Lead development, maintenance and improvement of detection controls, security reviews, remediation activities and business unit engagements
  • Lead S-SDLC training and guidance on security related issues
  • Drive adoption of embedded application security controls within Software Development Life Cycle (SDLC)
  • Lead product evaluation and help engineer tools and solutions that will facilitate the adoption of security controls across the firm
  • Review and provide advice and consultation to business owners for the identified security issues

    • Basic Qualifications

    Have a minimum of 5 years' experience in information security or related field. You will use your strong technical, interpersonal, organizational, written, and verbal communication skills to interact with your internal clients locally and globally. Your knowledge of Application Security, Risk Analysis and Risk Management techniques, methodologies and governance will enable you to be an active member of the team along with your professional experience in one, or more, of the following disciplines:

  • Understanding of common application security vulnerabilities and controls to remediate.
  • Ability to engage technical client base of engineers and communicate security requirements, potential risks and influence development practices
  • Ability to communicate security flaws in a clear and concise manner to a broad range of audience from engineers, SMEs to senior management
  • Ability to provide clear guidance on vulnerability remediation
  • Expert/Advanced knowledge of Secure software development practices and frameworks
  • Expert/Advanced knowledge of Secure Code Review and Application Security assessment
  • Expert/Advanced knowledge of at least one major programming language (. Java, Python, Go
  • Expert/Advanced knowledge of CI/CD platforms . Gitlab, Jenkins, BitBucket CI, Bamboo, Travis CI, Circle CI, AWS Code Commit and Deploy (or similar)
  • Expert/Advanced knowledge of DevSecOps solutions . Static Application Security Testing (SAST) Dynamic/Interactive Application Security Testing (DAST/IAST) Software Composition Analysis (SCA) Infrastructure as Code (IaC) Container Security Mobile Security

    • Preferred qualifications:

  • Program management skills
  • Expert Knowledge of Cloud (AWS, GCP, Azure) and Cloud Security applications
    • ABOUT GOLDMAN SACHS
    At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.
    We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at /careers.
    We're committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process.
  • Teamquest Sp. Z O.o.

    Network Security Engineer

    1 dzień temu

    Teamquest Sp. Z O.o. Warsaw, Polska W pełnym wymiarze godzin

    Nasz klient to dynamicznie rozwijająca się firma doradcza i technologiczna, która od ponad 25 lat wspiera branżę ubezpieczeniową w transformacji cyfrowej. · Dzięki zaufaniu najważniejszych światowych firm technologicznych, nasz klient oferuje kompleksowe usługi w zakresie doradzt ...

  • Link Group

    Network Security Engineer @

    6 dni temu

    Link Group Warsaw, Polska W pełnym wymiarze godzin

    Biegła znajomość koncepcji, protokołów i technologii związanych z bezpieczeństwem sieciowym (np. · TCP/IP, DNS, VPN, SSL/IPSec, NGFW, IDS/IPS, NAC, Proxy) Doświadczenie w wdrażaniu rozwiązań związanych z segmentacją sieciową, np. · firewalli zonalnych, mikrosegmentacji Doświadcze ...

  • in4ge

    Cloud Security Engineer

    45 minut temu

    in4ge Warsaw, Polska

    Twoja rola: · Projektowanie, wdrażanie i utrzymywanie rozwiązań związanych z bezpieczeństwem w infrastrukturze chmurowej · Monitorowanie bezpieczeństwa, wykrywanie i reagowanie na incydenty zagrożenia · Audytowanie i testowanie podatności systemów chmurowych na zagrożenia · Tworz ...

  • 7n Sp. Z O.o.

    Junior Security Operations Engineer

    1 tydzień temu

    7n Sp. Z O.o. Warsaw, Polska W pełnym wymiarze godzin

    Technologies-expected : Mac OS Unix GCP AWS Kubernetes SIEM technologies-optional : Python about-project : Poszukujemy Junior Sec Ops Engineera dla naszego klienta, jednego z największych banków w Wielkiej Brytanii z siedzibą w Londynie. · Firma oferuje rozwiązania zapewniające u ...

  • Connectis

    Remote Security Engineer

    4 dni temu

    Connectis Centrum, Warszawa, Polska W pełnym wymiarze godzin

    Wspólnie z naszym Partnerem, globalną prywatną wytwarzającą produkty konsumenckie oraz artykuły przemysłowe poszukujemy specjalisty na stanowisko Security Engineera. Nasz Partner skupia się na linii produktów z własną marką oraz markami prywatnymi obsługujące rynki instytucjonaln ...

  • XTB

    Cyber Security Engineer

    5 dni temu

    XTB Prosta , Warszawa, Polska W pełnym wymiarze godzin

    Szukamy osoby do działu bezpieczeństwa IT w XTB, która będzie współpracowała z zespołami wytwórczymi nad podniesieniem kultury bezpieczeństwa w wytwarzaniu oprogramowania. · XTB to przede wszystkim innowacyjność i ciągły rozwój. Tworzymy największą regulowaną firmę inwestycyjną i ...

  • MANGOPAY

    Senior Security Engineer

    2 dni temu

    MANGOPAY -, Warszawa, Polska W pełnym wymiarze godzin

    At Mangopay, our mission is to power the payment infrastructure and payment operations of the world's biggest and most exciting marketplaces & platforms. · We provide marketplaces and platforms with powerful modular payment and regulatory solutions. Since 2013, we have enabled th ...

  • Relout Sp. Z O.o.

    Security Lead Engineer

    3 dni temu

    Relout Sp. Z O.o. Warsaw, Polska W pełnym wymiarze godzin

    Technologies-expected : AWS Linux Docker Serverless technologies-optional : Python Type Script about-project : We are currently looking for a Security Lead Engineer, willing to join a project for our strategic client – one of the largest manufacturing companies from Sweden, offe ...

  • Mindbox S.a.

    Cloud Security Engineer

    3 dni temu

    Mindbox S.a. Warsaw, Polska W pełnym wymiarze godzin

    Technologies-expected : AWS Google Cloud Platform Terraform Kubernetes about-project : We're looking for a Cloud security engineer to join our Client's growing Technology team. · Working within the security team you'll play a key part in securing their cloud native Iaa S and Paa ...

  • DLA Piper

    Security Engineering Manager

    1 tydzień temu

    DLA Piper Warsaw, Polska

    The role · The Security Engineering team is responsible for supporting our Security Operations team by leading the configuration, selection, maintenance and development of essential security technologies that continue to mature our ability to detect, investigate and mitigate thre ...

  • Dun & Bradstree

    O365 Security Engineer

    1 tydzień temu

    Dun & Bradstree Warsaw, Polska Employee: W pełnym wymiarze godzin

    Why We Work at Dun & Bradstreet Dun & Bradstreet unlocks the power of data through analytics, creating a better tomorrow. Each day, we are finding new ways to strengthen our award-winning culture and accelerate creativity, innovation and growth. Our 6,500+ global team members are ...

  • Michael Page

    Cloud Security Engineer

    1 tydzień temu

    Michael Page Warsaw, Polska

    Work closely with the Cloud Security Architects to implement our cloud reference architecture · Work with IT team, as well as with business owners of cloud applications to implement reference architecture to meet business requirements · Integrate with cloud projects and verify th ...

  • Avenga

    Cloud Security Engineer @

    1 tydzień temu

    Avenga Warsaw, Polska W pełnym wymiarze godzin

    5+ years of experience on similar position Excellent knowledge of AWS and/or GCP Iaa S and Paa S Experience of designing secure cloud environments Strong understanding of cloud security tooling and monitoring capabilities Automation and scripting experience Experience with Terraf ...

  • Bosch

    Cyber Security Engineer

    45 minut temu

    Bosch Warsaw, Polska W pełnym wymiarze godzin

    Job Description · Tasks: · Automate security event handling processes in collaboration with incident response, threat intelligence and SOC teams · Look for possibilities for improvements, propose and finally implement them · Close collaboration with experts in Poland, Germany, I ...

  • C.H. Robinson

    Offensive Security Engineer

    1 tydzień temu

    C.H. Robinson Warsaw, Polska W pełnym wymiarze godzin

    C.H. Robinson is seeking an to join our Warsaw office/global team. In this role, you'll lead red team exercises, fortifying our applications' security. Your expertise will integrate offensive security practices into our SDLC, identifying vulnerabilities and bolstering our dig ...

  • Bosch

    Cyber Security Engineer

    1 tydzień temu

    Bosch Warsaw, Polska W pełnym wymiarze godzin

    Job Description · Tasks: · Develop and maintain cyber security tools (Python, Shell) · Automate cyber security processes (Python, SQL, Ansible, Terraform, Azure DevOps) · Monitor and analyze cyber security operations · Integrate tools and applications used in cyber security orga ...

  • Box Inc.

    Security Tooling Engineer Ii @

    20 godzin temu

    Box Inc. Warsaw, Polska W pełnym wymiarze godzin

    Security Tooling Engineer II *Our compensation structure is the base salary and equity in the form of restricted stock units. · WHAT IS BOX? Box is the market leader for Cloud Content Management. · Our mission is to power how the world works together. · Box is partnering with ent ...

  • Citi

    Supply Chain Security Engineer

    1 tydzień temu

    Citi Warsaw, Polska W pełnym wymiarze godzin

    We are excited to announce an opening for a Software Supply Chain Security Senior Engineer empathetic with the challenges that development teams face in delivering software in large, heterogeneous organizations. If you are passionate about engineering excellence and building the ...

  • Robert Bosch Sp. Z O.o.

    Senior Network Security Engineer

    5 dni temu

    Robert Bosch Sp. Z O.o. Warsaw, Polska W pełnym wymiarze godzin

    Senior Network Security Engineer Miejsce pracy: Warszawa Technologies we use Expected Python Ansible Operating system Windows Linux Your responsibilities Join our global team to help design, implement, improve and operate our worldwide Internet Breakouts as well as the VPN Servic ...

  • Box

    Security Tooling Engineer II

    3 dni temu

    Box Warsaw, Polska

    WHAT IS BOX?Box is the market leader for Cloud Content Management. Our mission is to power how the world works together. Box is partnering with enterprise organizations to accelerate their digital transformation by creating a single platform for secure content management, collabo ...