Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative
measures including business planning, capability design, and the testing of mitigants.
RESPONSIBILITIES AND QUALIFICATIONS
Technology Risk Advisory delivers best in class advisory support and technology solutions across the Information Security risk domains, including scalable uplifts of common core security solutions for use across Goldman Sachs and conducting cyber risk assessments. We are looking for a strong candidate to focus on in house infrastructure projects.
HOW YOU WILL FULFILL YOUR POTENTIAL
• Perform OS and container related hardening and certification
• Define SDLC controls for infrastructure specific areas including management and data plane
• Determine patterns for SDLC pipelines for AMI and container authoring pipelines
• Write Infrastructure as Code or Policy as Code to enforce infrastructure related controls for SDLC
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Minimum 5 years’ experience in OS, container management with focus on hardening and security compliance
• Good understanding of TCP/IP stack
• Familiarity with cloud services and terraform
• Have a basic understanding of SDLC for infrastructure as code
• Support infrastructure and cloud design reviews, where required
• Support firm architecture strategy advisory function
• Deploy cloud proof of concept designs for control evaluation and verification