The Consumer and Investment Management Division includes Goldman Sachs Asset Management (GSAM), Private Wealth Management (PWM) and our Consumer business (Marcus by Goldman Sachs). We provide asset management, wealth management and banking expertise to consumers and institutions around the world. CIMD partners with various teams across the firm to help individuals and institutions navigate changing markets and take control of their financial lives.
Consumer, externally known as Marcus by Goldman Sachs, is comprised of the firm's digitally-led consumer businesses, which include our deposits and lending businesses. It also includes our personal financial management app, Clarity Money. Consumer combines the strength and heritage of a 150-year-old financial institution with the agility and entrepreneurial spirit of a tech start-up. Through the use of insights and intuitive design, we provide customers with powerful tools that are grounded in value, transparency and simplicity to help them make smarter decisions about their money.
RESPONSIBILITIES AND QUALIFICATIONS
FULFILLING YOUR POTENTIAL
* Digital Finance Trust and Technology Risk - Application Security Specialist will be an individual contributor responsible for securing the applications (Web/API/Mobile) managed by Marcus
* The position is hands-on and requires close collaboration with Product Management, Engineering, Program Management, and DevOps teams
* The Application Security Specialist will act as a security advisor to architects, developers, analysts and others to ensure we embed security into the platform
* Drive adoption of embedded application security controls as part of the Software Development Life Cycle (SDLC) in Agile methodology, including automated tools
* Review requirements/architecture to ensure security and privacy by design
* Secure Code Reviews and Penetration Testing
* Assist in implementation of security-related product features like authentication, cryptography, etc.
* 6+ years' experience in application security or related fields and risk analysis techniques
* Expert knowledge of application security best practices including OWASP and CWE
* Security testing methodologies, tools and techniques - understanding of common application security vulnerabilities and controls to remediate
* Hands-on experience with web application Penetration Testing
* Proficient communication skills and an effective team player
* Hands-on experience with cloud security/designing secure systems on AWS
* Working experience in Agile development and scrum teams