Cyber Security Engineer

Who We Are

Our customer, Goldman Sachs, protects its technology landscape through a global Technology Risk organization led by the Chief Information Security Officer (CISO). The team focuses on securing applications and infrastructure, preventing cyber threats, measuring risk, and designing strong cybersecurity controls.

The Technology Risk team operates globally across the Americas, APAC, India, and EMEA.

Within Technology Risk, Advisory is the consultative arm of the organization. The team partners closely with engineers to assess new technology initiatives, design secure architectures, embed security into the SDLC and CI/CD pipelines, and support the transition to native public cloud applications.

Goldman Sachs has one of the most forward-thinking Technology Risk teams in the industry, with growing influence across the business and strong insight into how technology risk impacts outcomes.

How You’ll Make an Impact

As part of the global Technology Risk team, you will oversee a portfolio of business-critical applications and act as the primary security contact for application teams.

You will review major application changes during the design and architecture phase, advocate for strong security standards, and consolidate insights from penetration testing, bug bounty programs, and code reviews.

Key Responsibilities

• Conduct cybersecurity design and architecture reviews, including AI and ML solutions
• Advise engineering teams on secure design and implementation, with a focus on web applications and AWS
• Create, document, and promote secure design patterns and best practices
• Lead risk read-out calls with the business and recommend mitigation strategies
• Review penetration test and code analysis findings and guide teams through remediation
• Mentor and support junior team members

Basic Qualifications

• 4+ years of experience in application security and/or cloud security
• Experience with threat modeling or secure design and architecture reviews
• Degree in Computer Science, Engineering, Cybersecurity, or Information Security
• Strong knowledge of common vulnerabilities (OWASP Top 10, cloud security gaps)
• Hands-on experience with AWS security services (IAM, KMS, CloudTrail, GuardDuty, Inspector)
• Knowledge of authentication and authorization protocols (OAuth, OIDC, SAML)
• Understanding of secure coding practices and security controls
• Experience with vulnerability assessment and penetration testing tools
• Familiarity with modern web technologies and stacks
• Knowledge of cryptography concepts such as TLS, encryption, and hashing
• Strong English communication skills
• Ongoing interest in learning about emerging security threats

Preferred Qualifications

• Knowledge of network security and operating system hardening
• Experience assessing risks for AI and ML technologies
• Mobile application architecture review experience
• Understanding of Kubernetes security
• Exposure to Azure and GCP security practices
• Experience securing trading or payment platforms, including PCI DSS
• Knowledge of data protection strategies
• Experience with infrastructure-as-code tools (Terraform, CloudFormation, AWS CDK)
• Ability to create proof-of-concept exploits or scripts
• Relevant cybersecurity or cloud certifications

B2B: 200 PLN per hour