Job Duties: Associate, Security Engineering with Goldman Sachs & Co. LLC in New York New York. Responsible for performing vendor security assessments of business-initiated projects helping to drive adoption of information, application and infrastructure security controls and best practices. Ensure security and privacy by design, including design review process improvements, assessment of security controls, AI models, cryptographic implementation, and compliance and regulatory needs. Collaborate with technical teams on major technology initiatives to ensure security exists at the outset of a design or project. Advise on leading edge engineering to protect the firm’s network from security risks related to client/server architectures, Cloud architectures, web services and mobile applications. Conduct security risk reviews of 3rd party vendor system integrations against firm policies and standards. Drive implementation of security controls in various platforms by working with the embedded and technology infrastructure teams. Collaborate with cross-functional teams to enhance the cybersecurity program by conducting cyber risk assessment and advising stakeholders on risk remediation actions. Communicate security status and risks in a succinct, direct and open manner for proper issue management life cycle tracking. Review security controls and how they apply to different designs and systems in order to identify security gaps. Review security documentation for application vulnerability assessment and penetration testing of web applications along with evaluating code review or configuration reports. Perform code review of web application programming languages such as Java / other code. Perform security assessments of technologies leveraging common web stack technologies such as Java / other code and architecture review of web applications. 

Job Requirements: Master’s degree (U.S. or foreign equivalent) in Cyber Security, Computer Science, Computer Engineering, Enterprise Risk Management, or a related field and one (1) year of experience in the job offered or a related role OR Bachelor’s degree (U.S. or foreign equivalent) in Cyber Security, Computer Science, Computer Engineering, Enterprise Risk Management, or a related field and three (3) years of experience in the job offered or a related role. Prior work experience must include one (1) year of experience (with a Master’s degree) or three (3) years of experience (with a Bachelor’s degree) with each of the following: working with technical understanding of both application and infrastructure architecture and security, including on premise and Cloud; working with application security best practices including OWASP (Open Web Application Security Project) and CWE (Common Weakness Enumeration); working with application security vulnerabilities and controls to remediate risks; assessing and mitigating software security threat vectors, including threat modeling, attack surface analysis, security design reviews, source code reviews, penetration testing or vulnerability assessments; working in shift left environment to help embed security in design phase to implement security controls within system architecture; and conducting infrastructure or application security risk assessments.

Salary Range: Annual base salary for this New York, New York -based position is $166,000 - $171,000.

©The Goldman Sachs Group, Inc., 2025. All rights reserved. Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veteran status, disability, or any other characteristic protected by applicable law.