HOW YOU WILL FULFILL YOUR POTENTIAL
As a Security Engineer in GCDI’s Threat Management Center, you will be an integral part of a technical team that is responsible for providing the GCDI organization with security sensors and data sets that increase awareness of current and potential Cyber Threats. The ideal candidate should be someone with cyber security experience, hands-on technical skills on Windows, Linux and Network security, along with experience in utilizing security information for detection engineering, live intrusions and triage security events in real-time. You will conduct cyber event and incident response investigations and remediate security gaps using world-class security tooling. You will also have opportunities to automate incident response workflows and remediation activities in order to increase the efficacy of our incident response efforts.
Job Responsibilities:
- Enable a world-class cyber defense program by working closely with other technical, incident management, and forensic personnel to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors
- Work at the forefront of designing an innovative threat and security incident management solution
- Coordinate and triage response to cybersecurity events and conduct forensic analysis
- Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach
- Perform host-based and network forensic investigations, determining the cause of the security incident and preserving evidence for potential legal action
- Participate in a 24x7 coverage model to prevent and remediate security threats against Goldman Sachs’ global business network
- Contribute to improve the efficiency of the Security sensors by looking for opportunity to tune the security controls to adjust to the ever-evolving security threat land scape
- Effectively lead the security projects/tasks assigned by taking ownership of planning, implementation & coordination
- Experience in developing use cases based on adversarial tactics, techniques and procedures (TTPs), and tuning event detection rules to optimize detection efficacy
Basic Qualifications:
- Strong verbal and written communication skills, capable of clearly conveying complex technical concepts to both technical and non-technical stakeholders.
- Robust analytical and problem-solving abilities, demonstrated by proactively identifying and resolving security challenges, as well as coordinating incident response efforts within a dynamic environment.
- Comprehensive understanding of security frameworks such as MITRE ATT&CK and NIST, along with expertise in threat intelligence, automation strategies, and developing detection logic within SIEM platforms like Splunk, Elastic, and BQL.
- Strong sense of ownership and commitment to managing tasks to completion, including overseeing daily operations and ensuring effective detection and mitigation of threats.
- Proficiency in scripting languages, including advanced skills in Python and PowerShell for developing detection queries and automating security processes.
- Relevant industry certifications, such as GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, or GCFR.
Preferred qualifications:
- Over 7+ years of experience in cybersecurity, including a minimum of 3 years specializing in detection engineering technologies and incident response.
- Managed Security Operations Center (SOC) activities as a shift lead, overseeing daily operations, coordinating incident response efforts, and ensuring effective detection and mitigation of threats within a dynamic environment.
- Proficiency in scripting languages, including Python and PowerShell
- Expertise in developing advanced analytical queries within SIEM platforms such as Splunk, Elastic, and BQL
- Experience crafting queries and detection logic in EDR solutions like Microsoft Defender for Endpoint (MDE) and CrowdStrike Falcon
- Knowledge conducting incident response within a major public cloud (i.e. AWS, Google, Azure)
- At least one of the following certifications: GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, GCFR
Skills Required
- Hands-on technical skills on Windows, Linux, and network security
- Experience conducting cyber event and incident response investigations and forensic analysis
- Expertise with security frameworks (MITRE ATT&CK, NIST) and threat intelligence
- Experience developing detection logic and use cases in SIEM platforms (Splunk, Elastic, BQL)
- Proficiency in scripting for detection and automation (Python, PowerShell)
- Strong verbal and written communication and analytical/problem-solving skills
- Relevant industry certifications (e.g., GNFA, GCFE, GCFA, CCFP, CFCE, ACE, OSCP, GCFR)
- 7+ years total cybersecurity experience, with detection engineering and incident response specialization
- Experience with EDR solutions (Microsoft Defender for Endpoint, CrowdStrike Falcon)
- Experience conducting incident response in public cloud environments (AWS, Google, Azure)
- Prior SOC shift lead or SOC operations management experience
Goldman Sachs Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Goldman Sachs and has not been reviewed or approved by Goldman Sachs.
-
Healthcare Strength — Coverage includes medical, dental, vision, disability, life and accident insurance, with multiple plan options and most premiums subsidized; coverage often starts on day one. Wellness resources, on-site health centers in some locations, and EAP access reinforce the depth of health support.
-
Parental & Family Support — Family care includes on-site childcare in some offices, expectant parent resources, and transitional programs for returning parents. Feedback suggests parental leave is very generous, with reports of around 20 weeks paid leave and stipends for adoption, surrogacy, and fertility-related services.
-
Retirement Support — The firm provides a 401(k) plan with employer matching contributions and broad financial education to help employees plan for retirement. Resources also support saving for education and preparing for unexpected events.
Goldman Sachs Insights
What We Do
At Goldman Sachs, we believe progress is everyone’s business. That’s why we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, Goldman Sachs is a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices in all major financial centers around the world. More about our company can be found at www.goldmansachs.com







