Vice President-Security Engineering

As a member of the Technology Risk team at Goldman Sachs, your role will be to join the global Secure SDLC (S-SDLC) team. This team is responsible for identifying software security flaws and providing security assurance advice to engineers to help them manage application risks. You will have the opportunity to interact with various parts of the firm, allowing you to grow within the Technology Risk team and across different divisions within the company. Your responsibilities will include leading and supporting static, dynamic, and security awareness services, driving the adoption of application security controls within the Software Development Life Cycle (SDLC), reviewing issues identified by S-SDLC tools, interfacing with Business Units to provide advice and consultation, developing and customizing rules to enhance the detection capability of S-SDLC tools, and more. Additionally, you will be responsible for communicating the security program to the broader developer community, providing awareness, training, and guidance on security-related issues, and conducting product evaluations of solutions that may benefit the S-SDLC program. **Key Responsibilities:** - Lead and/or support static, dynamic, and security awareness services - Drive adoption of application security controls within SDLC - Review issues identified by S-SDLC tools and ensure compliance with established review SLAs - Interface with Business Units to provide advice and consultation for issue remediation - Develop and customize rules to enhance detection capability of S-SDLC tools - Assist in developing security testing strategies and solutions - Communicate security program to the broader developer community - Provide awareness, training, and guidance on security-related issues - Conduct product evaluations of solutions for the S-SDLC program **Qualifications Required:** - Strong technical, interpersonal, organizational, written, and verbal communication skills - Knowledge of Software Development Lifecycle (SDLC), Application Security, and Risk Management techniques - Experience in explaining secure coding practices and application security vulnerabilities - Ability to engage with a technical client base and communicate security requirements effectively - Experience with software development methodologies and programming languages - Working knowledge of CI/CD platforms and DevSecOps solutions - Intermediate knowledge of various security testing methodologies such as SAST, DAST/IAST, SCA, IaC, Container Security, and Mobile Security Goldman Sachs is committed to diversity and inclusion, offering opportunities for professional and personal growth within the firm. The company believes that fostering diversity and inclusion leads to better outcomes for both employees and clients. For more information about the culture, benefits, and opportunities at Goldman Sachs, visit GS.com/careers.,