Associate Security Engineer

About Goldman Sachs Technology Risk

Goldman Sachs Technology Risk spearheads threat and risk management initiatives to safeguard the firm and its clients from information and cyber security risks. The team provides the essential knowledge and tools to effectively measure risk, identify and mitigate threats, and protect against unauthorized disclosure of confidential client, employee, and supply chain information. Specifically, the Techrisk Data Privacy team plays a crucial role in enabling personal data security and privacy across the firm, collaborating extensively with Legal, Compliance, Privacy Platform Engineering, and Core Engineering to enhance control postures for various types of personal data.

As an Associate Security Engineer, you will join a forward-thinking Technology Risk team committed to advancing security controls within engineering functions and across the broader business. This role offers the opportunity to interact with all parts of the firm, providing invaluable experience and knowledge that will support your future career growth.

Goldman Sachs is seeking a highly motivated candidate with a strong technical background and proven experience in data security or data risk management. You will join a team dedicated to strengthening personal data security and implementing privacy-by-design principles through robust technical controls.

Key Responsibilities

• Support the planning, execution, and enhancement of data protection and personal data security initiatives, with a strong focus on technical controls and security reviews.
• Drive the adoption of robust data security controls and privacy-enhancing technologies, such as encryption, data masking, and access controls, across various applications and platforms to uplift the control posture for personal data.
• Assist in developing scalable processes to ensure data security controls operate effectively and align with core privacy-by-design principles.
• Provide expert advice and guidance to engineering teams on the application of relevant security policies and standards, and on integrating security controls defined within the firm’s Technology Risk and Control Framework to enable privacy by design from the outset.
• Participate in global, regional, and local Technology Risk initiatives aimed at improving the firm's baseline in data security, resiliency, and the controls governing technology processes and services related to personal data.
• Conduct thorough security reviews of systems and applications to identify potential data privacy risks and formulate effective technical mitigation strategies.
• Collaborate closely with Legal and Compliance teams to understand regulatory requirements, including GDPR and CCPA, and translate them into actionable technical security controls.
• Deliver clear and concise verbal and written recommendations and guidance to business and technology staff on critical matters of personal data security and privacy-enabling technical controls.

Required Skills and Experience

• Bachelor’s degree in Information/Cyber Security, Computer Science, Software Engineering, or a closely related technical field.
• 1-3 years of experience in security, technical risk management, or a data protection function.
• Strong foundational understanding of data security concepts and practices, including encryption, access controls, data minimization, and data de-identification.
• Familiarity with privacy-by-design principles and their practical implementation within diverse technology solutions.
• Technical knowledge of technology architecture, infrastructure, and the Software Development Lifecycle (SDLC).
• Experience utilizing data analysis tools such as Excel, PowerBI, or Alteryx.
• Demonstrated analytical thinking abilities and strong problem-solving skills, particularly in assessing technical security risks related to data privacy.
• Excellent oral, written, and presentation communication skills, with the ability to explain complex technical details effectively to diverse audiences.
• Proven ability to work both effectively in a team environment and independently.

Preferred Qualifications

• Relevant industry certifications (e.g., Security+, CySA+, CCSP, CIPT, CISSP, CIPM).
• Experience with technical risk analysis and control frameworks (e.g., NIST Cybersecurity Framework, ISO 27001/27701).
• Understanding of relational database technologies (e.g., SQL) and data storage principles.
• Knowledge of networking technologies and operating systems.
• Familiarity with data lifecycle management, data mapping, and inventory from a security control perspective.
• An understanding of the regulatory environment related to technology control requirements, with an emphasis on how security controls address global data protection regulations.

Key skills/competency

• Data Security
• Privacy by Design
• Risk Management
• Encryption
• Access Controls
• GDPR
• CCPA
• SDLC Security
• Security Reviews
• Compliance