Tech Risk - SIRT - Bug Bounty Program - Security Incident Response Team - Dallas, TX
Business Unit Overview
Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure applications and infrastructure, developing software in support of our efforts, measuring cybersecurity risk, and designing and driving implementation of cybersecurity controls. The team has a global presence across the Americas, APAC, India and EMEA. Within Technology Risk, the Security Incident Response Team (SIRT) identifies malicious activity, manages the lifecycle of vulnerabilities within GS technologies, and investigates and manages threats across the firm. We are a team of security, software, and product engineers who allow the firm to respond appropriately to firm risks through the use of detection models, security architecture, and cutting-edge cyber threat analysis to manage internal and external threats against the firm.
In this role, you will join a dedicated team that manages the firm's bug bounty program, where we help remediate the firm's risk to external threats. You will be verifying vulnerability reports, testing for variations, and discovering the extent of unique issues while partnering with other risk management and engineering teams to track issues through resolution. You will also work to build relationships with the broader bug hunting community. The ideal candidate should be someone with existing cyber security experience, a strong technical understanding of web and mobile applications and architecture, and a drive to continually learn new attacks and techniques.
RESPONSIBILITIES AND QUALIFICATIONS
- Oversee the full lifecycle of vulnerability research for the Bug Bounty program
- Work closely with the Technology Risk Advisory and Issue Management Teams to track remediation timelines and ensure vulnerabilities are fixed in a timely manner
- Maintain a schedule for key bug bounty projects and assist with live event planning
- Manage inbound report triage for bug bounty reports
- Monitor and report progress on KPIs, metrics, and key milestones to security leadership
- Collaborate with external researchers to reproduce and investigate vulnerabilities submitted through our public and private bug bounty programs
- Work directly with project teams to help them understand the risk of findings and provide remediation guidance
- Identify best practices surfaced by program trends
- Strong communication and presentation skills and the ability to clearly articulate vulnerabilities and risks to both technical and non-technical audiences
- Strong sense of ownership and driven to manage tasks to completion
- Highly organized with exceptional attention to detail and follow-through
- Familiarity with vulnerability assessment and penetration testing of web and mobile applications
- Understanding of security fundamentals and common vulnerabilities
- Working knowledge of common security tools (Burp, Metasploit, netcat, etc.)
- 2-5 years of relevant experience in a project/program management function
- Familiarity or experience with enterprise networks and software platforms
- Good reputation on a bug bounty platform and/or published vulnerabilities
ABOUT GOLDMAN SACHS
The Goldman Sachs Group, Inc. is a leading global investment banking, securities and investment management firm that provides a wide range of financial services to a substantial and diversified client base that includes corporations, financial institutions, governments and individuals. Founded in 1869, the firm is headquartered in New York and maintains offices in all major financial centers around the world.
© The Goldman Sachs Group, Inc., 2020. All rights reserved. Goldman Sachs is an equal employment/affirmative action employer Female/Minority/Disability/Vet.