Expoint - all jobs in one place


Goldman Sachs Tech Risk Engineering – Global Cyber Defense
United States, Texas, Dallas
736430689

16.05.2024

Tech Risk – Global Cyber Defense & Intelligence – Threat Management Center – Associate

YOUR IMPACT

In this role, you will join an advanced threat detection and response team. You will drive proactive identification of threats within the organization, provide rapid response, and develop detections by pivoting through large data streams, using analytic techniques such as standard deviation, simple matching, stack counting, outlier detection, regex, entity-based and event-based analysis. You will conduct cyber event and incident response investigations and remediate security gaps using world-class security tooling. You will also have opportunities to automate incident response workflows and remediation activities in order to increase the efficacy of our incident response efforts.

HOW YOU WILL FULFILL YOUR POTENTIAL

As a Security Engineer in GCDI’s Threat Management Center, you will be an integral part of a technical team that is responsible for providing the GCDI organization with security sensors and data sets that increase awareness of current and potential cyber threats. The ideal candidate has cyber security experience and hands-on technical skills in Windows, Linux and network security, along with experience in using security information for detection engineering, investigating live intrusions and triaging security events in real time.

Job Responsibilities:

· Analyze potential infrastructure security incidents to determine whether an incident qualifies as a legitimate security breach

· Perform host-based and network forensic investigations, determining the cause of the security incident and preserving evidence for potential legal action

· Participate in a 24x7 on-call coverage model to prevent and remediate security threats against Goldman Sachs’ global business network

· Improve the security sensors by looking for opportunities to tune the security controls in response to an evolving security threat landscape

· Lead the security projects/tasks assigned by taking ownership of planning, implementation & coordination

· Develop use cases based on adversarial tactics, techniques and procedures (TTPs), and tune event detection rules to optimize detection efficacy

· Build anomaly detections by applying statistical principles such as standard deviation, stack counting, simple matching and regular expressions

· Script in languages such as Python, PowerShell or Bash to build incident response workflows and automation

Basic Qualifications:

· Strong English verbal and written communication skills

· Strong presentation skills

· Highly motivated and passionate learner

· Strong sense of ownership and driven to manage tasks to completion

· Proficient scripting skills in Python and PowerShell

· Advanced understanding of Linux Operating Systems

· Experience designing cloud architecture, including security setup and incident response strategy

· Hands-on experience in the use of Forensics toolkits such as Volatility, Rekall, The Sleuth Kit, Autopsy, and EnCase

· Ability to conduct cyber security investigations as a Level 2 analyst

Preferred qualifications:

· 1-4 years' experience with expertise in triaging, analyzing and responding to different security events and conducting digital forensics on Windows, macOS or Linux operating systems

· Knowledge of conducting incident response within a major public cloud (e.g. AWS, Google, Azure)

· At least one of the following certifications: GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, GCFR