Senior Penetration Tester - Tech Risk Advisory - Vice President

7 days left

Recruiter
Goldman Sachs
Location
Warsaw (PL)
Salary
Competitive + benefits
Posted
15 Nov 2024
Closes
15 Dec 2024
Contract Type
Permanent
Hours
Full Time

TECH RISK ADVISORY delivers best in class advisory support and technology solutions across the information security risk domain including scalable uplifts of common core security solutions for use across Goldman Sachs. Prevents the misuse, unauthorized disclosure, or loss of firm data across e-mail, file transfer, and the Internet. Ensures business continuity and technology resilience by safeguarding Goldman Sachs from major operational disruptions through preventative measures including business planning, capability design, and the testing of mitigants.

ROLE DESCRIPTION

You will join one of the most progressive Technology Risk teams in the industry which continues to push the development of risk in preference to security within technology and the business. You will be a member of a strong community of internal penetration testers, with exposure to all parts of the firm and its most critical systems.

HOW YOU WILL FULFILL YOUR POTENTIAL

  • Perform penetration tests and find impactful vulnerabilities in a wide variety of web applications, cloud-based systems, and infrastructure platforms (ex. banking websites, payment applications, authentication systems, core internal frameworks, critical infrastructure).
  • Work with teams to recommend ways of addressing vulnerabilities and propose systematic improvements.
  • Contribute to internal red teaming engagements and security research. 
  • Grow and share your knowledge with the community of internal pentesters at Goldman Sachs.

SKILLS AND EXPERIENCE WE ARE LOOKING FOR

  • Experience in vulnerability assessment and penetration testing across any of above mentioned areas.
  • Strong understanding of web security topics, ability to build exploit chains and articulate impact of individual findings.
  • Experience in analysing complex infrastructural systems by code review, server and cloud configuration analysis, reverse engineering and fuzzing.
  • Working knowledge of common security tools (Burp Suite, Wireshark, Metasploit, Mimikatz, Ghidra, netcat).
  • Familiarity with one or more languages (Java, Javascript, Python, C++, C#).
  • Well versed with TCP/IP stack and network protocols.
  • High level knowledge of cryptography concepts.

PREFFERED QUALIFICATIONS

  • Experience in adopting or crafting custom proof of concept exploits.
  • Knowledge of common cloud products and solutions.
  • Bachelor of Science in Computer Science, Cyber-Security, or Information Security is preferred.
  • Experience or trainings in related disciplines e.g. computer security, network security, network device management, IT administration, cloud security, infrastructure pentesting is preferred.
  • Certificates (of equivalent knowledge) like OSCP, OSEP, OSWP.
ABOUT GOLDMAN SACHS
 
At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world. 
 
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers. 
 
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process.