Lead Application Security Vice President, Engineering Lead Application Security Vice President,  …

Lead Application Security Vice President, Engineering >

ENGINEERING

What We Do

At Goldman Sachs, our Engineers dont just make things we make things possible.  Change the world by connecting people and capital with ideas.  Solve the most challenging and pressing engineering problems for our clients.  Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action.  Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.

Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions.  Want to push the limit of digital possibilities?  Start here.

Who We Look For

Goldman Sachs Engineers are innovators and problem-solvers, building solutions in risk management, big data, mobile and more. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.

RESPONSIBILITIES AND QUALIFICATIONS

Consumer & Wealth Management Division:

Across Consumer and Wealth Management (CWM), Goldman Sachs helps empower clients and customers around the world reach their financial goals. Our advisor-led wealth management businesses provide financial planning, investment management, banking and comprehensive advice to a wide range of clients, including ultra-high net worth and high net worth individuals, as well as family offices, foundations and endowments, and corporations and their employees. Our consumer business provides digital solutions for consumers to better spend, borrow, invest and save. Across CWM, our growth is driven by a relentless focus on our people, our clients and leading-edge technology, data and design.

Wealth Management

Goldman Sachs Wealth Management is comprised of Private Wealth Management (PWM), Personal Financial Management (PFM) and Ayco, a Goldman Sachs Company. PWM serves ultra-high-net-worth individuals, families, family offices and nonprofit institutions as a trusted advisor. In 2019, Goldman Sachs acquired United Capital (newly branded PFM), which serves high net-worth individuals across 30 states in 100 offices in the United States. Ayco works with corporate partners to provide their employeesacross all wealth levelsa path to financial well-being through personalized financial counseling, investment management and family office services. Across Wealth Management, we help clients achieve their holistic goals by providing access to our insights, expertise and network.

Consumer Business (Marcus by Goldman Sachs)

Our Consumer business, Marcus by Goldman Sachs, serves millions of customers across multiple products including lending, deposits, financial tools and our partnership with Apple on Apple Card. We use innovative design, data, engineering and other core capabilities to provide customers with powerful tools and products that are grounded in value, transparency and simplicity.

HOW YOU WILL FULFILL YOUR POTENTIAL

• Digital Finance Trust and Technology Risk Application Security Specialist will be an individual contributor responsible for securing the applications (Web/API/Mobile) managed by Wealth Management.
• The position is hands-on and requires close collaboration with Product Management, Engineering, Program Management, and Dev Ops teams.
• Supervise, coach, and develop a small team of application security specialists
• The Application Security Specialist will act as a security advisor to architects, developers, analysts and others to ensure we design confidentiality, integrity, resiliency, and privacy into the platform.
• Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC) in Agile methodology, including automated tools.
• Secure Code Reviews and facilitating or conducting Penetration Testing.
• Assist in implementation of security related product features like authentication, cryptography, etc.
• Support and enhance the application security champion program.

SKILLS AND EXPERIENCE WE ARE LOOKING FOR

BASIC QUALIFICATIONS

• 6+ years' experience in application security and risk analysis techniques or related fields, candidates with 3+ years are encouraged to apply for consideration at associate level.
• Energetic, self-directed and self-motivated, able to build and sustain long-term relationships with colleagues.
• You must have experience managing multiple tasks and using sound judgment when managing risks, prioritizing and escalating.
• You must be able to work with deeply technical engineers, identify gaps that need addressing, and hold them to account.
• Security testing methodologies, tools and techniques - understanding of common application security vulnerabilities and controls to remediate.
• Expert knowledge of application security best practices including OWASP and CWE
• Hands-on software development and/or application Penetration Testing experience in complex environments an advantage
• The successful candidate will be able to balance project management trade-offs, own decisions and communicate effectively with senior stakeholders across business, partners, vendors, internal technology stakeholders and technology peers, with an eye towards influencing and driving positive business outcomes.
• Strong desire to learn and contribute solutions and ideas to a broad team.
• Exposure to Lean, Agile, and DevOps

PREFERRED QUALIFICATION

• BSc or Masters degree or equivalent experience
• Any of CSSLP / CISSP / CCSP / OSCP an advantage
• Experience working in Agile development and scrum team.