Role Overview

The Lead Product Security Engineer position within the Asset and Wealth Management division and will be responsible for defining and evaluating solutions by closely working with the engineering teams to improve overall cybersecurity risk posture of the firm. This role is pivotal in balancing commercial objectives with robust security controls, ensuring the division's resilience against an evolving threat landscape, and protecting client assets and data.

The objective is to foster a unified and proactive approach to risk management through early design review and penetration testing engagements with the engineering BU teams and enabling secure technological innovation across all Asset and Wealth Management initiatives.

Key Responsibilities

• This position is hands-on and requires close collaboration with Product Management, Engineering, Program Management, and Dev Ops teams.
• Responsible for security of applications (Cloud/Web/API/Mobile) managed by Asset and Wealth Management (AWM) in conjunction with centralized security teams
• Act as a security advisor to architects, developers, analysts and others to ensure we design confidentiality, integrity, resiliency, and privacy into the platform
• Partner with business units to understand requirements, design proposals and evaluate architectural flaws for various on-prem/cloud architectures
• Evaluate the effectiveness of existing key controls, identify gaps, and recommend improvements to mitigate risks and enhance firm’s security posture
• Supervise, coach, and develop a small team of application security specialists
• Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC) in Agile methodology, including automated tools.
• Perform secure code reviews and facilitating or conducting penetration testing
• Assist in implementation of security related product features such authentication, cryptography, authorization, service integration, etc.
• Develop, maintain, and improve Technology Risk Program reflecting new emerging risks
• Enable the business to meet security requirements by design

Skills and Experience Required

• 6+ years' experience in secure architecture design, application security, and risk analysis techniques or related fields.
• Energetic, self-directed and self-motivated, able to build and sustain long-term relationships with colleagues.
• Must have experience managing multiple tasks and using sound judgment when managing risks, prioritizing and escalating.
• Must be able to work with deeply technical engineers, identify gaps that need addressing, and hold them to account.
• Security testing methodologies, tools and techniques - understanding of common application security vulnerabilities and controls to remediate.
• Expert knowledge of application security best practices including OWASP and CWE and cloud related concepts
• Hands-on software development and/or application Penetration Testing experience in complex environments an advantage
• The successful candidate will be able to balance project management trade-offs, own decisions and communicate effectively with senior stakeholders across business, partners, vendors, internal technology stakeholders and technology peers, with an eye towards influencing and driving positive business outcomes.
• Strong desire to learn and contribute solutions and ideas to a broad team.

Preferred Qualifications

• Experienced in Financial Services/Fintech
• BS or MS degree in Computer Science, Cyber Security, Information Security, or a related technical field.
• Experience with leveraging AI/ML to solve security problems and scale operations.
• Knowledge of secure coding languages (e.g., Python, Java, Go).
• Cloud related experiences
• CSSLP / CISSP / CCSP / OSCP is a plus

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html

© The Goldman Sachs Group, Inc., 2023. All rights reserved.

Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.