Goldman Sachs - Vulnerability Response Engineer (5-8 yrs)

Note : If shortlisted, you will be invited for initial rounds on 1st March'25 (Saturday) in Bengaluru

Role : Vulnerability Response

HOW YOU WILL FULFILL YOUR POTENTIAL :

In this role, you will part of well-established Vulnerability Response team and will be responsible for driving various activities to ensure the successful detection, review, and remediation of vulnerabilities. This includes applying your analytical, reasoning. And specialized technical security expertise to investigate, isolate and track network and security vulnerabilities, false positive identification, and engagement with various teams for remediation activities.

The ideal candidate should have strong experience performing vulnerability assessments and penetration tests for large enterprises. The candidate will also have deep expertise in vulnerability triaging and supporting large scale vulnerability management programs.

RESPONSIBILITIES :

- Execute and support the firms global Vulnerability Response program as part of the team within Technology Risk.

- Collaborate extensively with the firms engineering teams (across both business applications and core infrastructure) help them understand their software, infrastructure and cloud related vulnerabilities and collectively develop risk mitigation strategies.

- Tactically guide the Vulnerability Response plan to coordinate, monitor and support activities in the areas of the VR program, security patch and remediation management.

- Provide risk assessment and remediation expertise for vulnerability remediation for on-premise and cloud-based infrastructure.

- Execution of processes and procedures in support of the vulnerability management lifecycle from identification, triaging, reporting to remediation.

- Provide risk assessment input into patch management policies and activities for multiple platforms across the firm.

- Maintain an understanding of current and emerging threats, vulnerabilities, and trends.

- Support the development and reporting of key metrics and reporting for the program.

Basic Qualifications :

- Clear communication skills, both verbal written, including the ability to clearly articulate technical vulnerabilities and associated risks to both technical and non-technical audiences.

- Strong project and program management skills, including the ability to lead and uplift projects from start to finish with autonomy and attention to details.

- Experience working within a vulnerability management or related program in a complex and diverse global environment.

- Experience with cloud infrastructure-based vulnerability management methodologies and programs.

- Knowledge on SSDLC methodologies and integrating security into CI/CD pipelines.

- Experience with industry standard patch management and vulnerability management tools and techniques.

- A passion for, and deep understanding of, the technical aspects of information security with particular focus on vulnerability and threat management.

Preferred Experience/Qualifications :

- Bachelors degree or higher preferred.

- Experience in managing large scale response/remediation efforts across organizations with heterogeneous technology stacks.

- Experience using industry standard vulnerability assessment and management tools (such as Nmap, Nessus, Splunk, Prisma or Qualys, ASM tools) and interpreting, analyzing and assessing their data output.

- Experience working as part of a global team.

- Significant application, infrastructure or cloud security experience, including penetration testing, hardware/Network assessments, and risk assessments.