Goldman Sachs Technology Risk is leading threat, risk analysis and data science initiatives
that are helping to protect the firm and our clients from information and cyber security risks. Our team equips the firm with the knowledge and tools to measure risk, identify and mitigate threats and protect against unauthorized disclosure of confidential information for our clients, internal business functions, and our extended supply chain.
SECURITY INCIDENT RESPONSE TEAM (SIRT) supports and enables a comprehensive technical Cyber Defense program for the firm while increasing awareness of current and potential Cyber Threats. Works across the organization to operate efficiently, provide technical
investigative support and mitigate threats to the firm.
Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, The Security Incident Response Team (SIRT) identifies malicious activity, manages the lifecycle of vulnerabilities within GS technologies, and investigates and manages threats across the firm. We are a team of security, software, and product engineers that allow the firm to respond appropriately to firm risks through the use of detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm.
In this role, you will join an advanced threat detection and response team, drive proactive identification of threats within the organization, provide rapid response, develop detections by pivoting large data streams, leveraging analytic techniques such as Standard deviation, Simple matching, Stack counting, Outlier detection, Regex, Entity-Based, and Event-based.
The ideal candidate should be someone with cyber security experience, hands-on technical skills on Windows, Linux and Network security, along with experience in utilizing security information for detection engineering, live intrusions and triage security events in real-time.
HOW YOU WILL FULFILL YOUR POTENTIAL
• Job Responsibilities:
• Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach
• Perform host-based and network forensic investigations, determining the cause of the security incident and preserving evidence for potential legal action
• Participate in a 24x7 coverage model to prevent and remediate security threats against Goldman Sachs’ global business network
• Improve the security sensors by looking for opportunities to tune the security controls in response to an evolving security threat landscape
• Develop use cases based on adversarial tactics, techniques and procedures (TTPs), and tuning event detection rules to optimize detection efficacy
• Build anomaly detections by applying statistical principles such as standard deviation, stack counting, simple match and regular expression
• Script in languages such as Python, Powershell or Bash to build incident response workflows and automation
SKILLS AND EXPERIENCE WE ARE LOOKING FOR
• Strong English verbal and written communication skills
• Strong presentation skills
• Ability to multitask and prioritize work effectively
• Highly motivated self-starter
• Responsive to challenging tasking
• Attention to detail
• Proficient scripting skills in Python and PowerShell
• Advanced understanding of Linux Operating Systems
• Designing Cloud architecture including security setup, and Incident response strategy
• Hands-on experience in the use of Forensics toolkits such as Volatility, Rekall, The Sleuth Kit, Autopsy, and EnCase
• 1-4 years' experience with expertise in triaging, analyzing & responding to different security events and conducting digital forensics on Windows, MacOs or Linux operating systems
• Knowledge conducting incident response within a major public cloud (i.e. AWS, Google, Azure)
• At least one of the following certifications: GNFA, GCFE, GCFA, CCFP, CFCE, ACE
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
Â© The Goldman Sachs Group, Inc., 2020. All rights reserved Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.