Home
Communities
Companies
- Companies
  
  Discover best places to work
- Compare Companies
  
  Compare & find best workplace
- Add Office Photos
  
  Bring your workplace to life
- Add Company Benefits
  
  Highlight your company's perks
Reviews
- Company reviews
  
  Read reviews for 6L+ companies
- Write a review
  
  Rate your former or current company
Salaries
- Browse salaries
  
  Discover salaries for 6L+ companies
- Salary calculator
  
  Calculate your take home salary
- Are you paid fairly?
  
  Check your market value
- Share your salary
  
  Help other jobseekers
- Gratuity calculator
  
  Check your gratuity amount
- HRA calculator
  
  Check how much of your HRA is tax-free
- Salary hike calculator
  
  Check your salary hike
Interviews
- Company interviews
  
  Read interviews for 40K+ companies
- Campus placements
  
  Interviews questions for 2K+ colleges
- Share interview questions
  
  Contribute your interview questions
Jobs
Awards

WINNERS AWAITED!
- ABECA 2025
  
  WINNERS AWAITED!
  
  AmbitionBox Employee Choice Awards - 4th Edition
- ABECA 2024
  
  AmbitionBox Employee Choice Awards - 3rd Edition
- AmbitionBox Best Places to Work 2022
  
  2nd Edition
- AmbitionBox Best Places to Work 2021
  
  1st Edition

Add office photos

Employer? Claim Account for FREE

Goldman Sachs

Compare

3.5

based on 1.2k Reviews

307 Goldman Sachs Jobs

Engineering-Bengaluru-Associate-Security Engineering

Goldman Sachs

3.5

based on 1.2k Reviews

1-4 years

Bangalore / Bengaluru

1 vacancy

Engineering-Bengaluru-Associate-Security Engineering

Goldman Sachs

posted 6hr ago

Job Role Insights

Flexible timing

Key skills for the job

Cyber Security Investment Banking Python Automation Testing Linux Administration HTML

+ 3 more

Job Description

Business Unit Overview

Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has global presence across the Americas, APAC, India and EMEA. Within Technology Risk, the Security Incident Response Team (SIRT) Vulnerability Management team manages the lifecycle of vulnerabilities within GS technologies, including vulnerability discovery, risk assessment, and treatment. We are a team of security, software and product engineers that allow the firm to respond appropriately to cyber security risks through the use of detection, design and development.

Role

In this role, you will join firm s global vulnerability management team to develop, architect and deploy on premise and cloud solutions for vulnerability management. This role requires you to drive proactive identification of vulnerability detection requirements across the organization.

We are looking for a Vulnerability Management Engineer with strong hands-on experience in Python scripting, CI/CD pipelines, vulnerability management, cloud security and endpoint security. The ideal candidate must have expertise in Qualys, Prisma Defender, Edge Scanning, AWS security, Apache Spark, container security, and endpoint security tools like MDE, CrowdStrike, Prisma Defender, CBR, and Bit9.

Job Responsibilities:

Development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support
Contribute to vulnerability management strategy and automation
Develop and maintain automated security scripts using Python to integrate with CI/CD pipelines.
Collaborate with various engineering teams to understand the vulnerability management needs and collectively develop remediation and mitigation strategies
Implement and manage security controls within AWS environments.
Manage and fine-tune vulnerability scanning schedules, policies, and configurations.
Perform vulnerability management product POCs as per the defined requirements.
Develop security dashboards and reports to track vulnerability trends, remediation status, and compliance metrics.
Work on automated vulnerability scanning using scanners and agents in the public cloud
Improve the security sensors by looking for opportunities to tune the vulnerability detection controls and coverage effectiveness
Lead the security projects/tasks assigned by taking ownership of planning, implementation coordination
Script in languages such as Python, build workflows and automation of scan data
Implement, support and evaluate security-focused tools, vulnerably management tools and services.
Maintain knowledge and skillset relevant to trends in the industry

Basic Qualifications:

Minimum 1.5-4 years of experience, preferably around organizational security and vulnerability management and also security tool integration, automation support.
Strong Python scripting skills for automation and integration.
Experience with CI/CD pipelines and security automation.
Proficiency with VM tools such as Qualys, Prisma Defender, and Edge Scanning.
Deep understanding of container security and Kubernetes security best practices
Experience with infrastructure as code (IaC) security (Terraform, CloudFormation).
Strong hands-on experience with endpoint security tools such as MDE, CrowdStrike, Prisma Defender, CBR, and Bit9.
Strong analytical skills to identify, prioritize, and remediate security risks.
Demonstrated understanding of infrastructure components and cloud vulnerability scanning
Identify, integrate, monitor and improve infosec controls/tools by understanding business processes.
Strong English verbal and written communication skills
Strong presentation skills
Strong sense of ownership and driven to manage tasks to completion

Preferred qualifications:

Work experience on any major public clouds such as AWS and Azure.
Advanced understanding of Linux Operating Systems
Designing Cloud architecture including scanner and agent placement and communication strategies.
In-depth understanding of any vulnerability scanning tools such as Qualys, Prisma Cloud, Rapid7, AWS Inspector

We believe who you are makes you better at what you do. Were committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

We re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https: / / www.goldmansachs.com / careers / footer / disability-statement.html

The Goldman Sachs Group, Inc., 2023. All rights reserved.
Goldman Sachs is an equal employment/affirmative action employer Female / Minority / Disability / Veteran / Sexual Orientation/Gender Identity

Employment Type: Full Time, Permanent

Read full job description

Prepare for Security Engineer roles with real interview advice