| What We Do Goldman Sachs Engineers are innovators and problem-solvers building and operating critical security infrastructure to protect the firm and its customers. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment. The Identity and Access Management (IAM) business unit within Core Engineering builds and operates the firm's authentication, authorization, identity, secrets management, public key infrastructure, and cryptographic systems that are used by every single GS application. Your Impact We are looking for a senior Security Software Engineer to drive the implementation of new features in core platforms that support the firm's security and operational requirements for its' global technology infrastructure. You will coordinate with both technical and non-technical stakeholders, gather and understand requirements, and lead the implementation of secure-by-default features across both the application and infrastructure stacks that enable adoption of our services, improve quality of life for our clients, and manage/remediate risk. After you're ramped up, you'll join our on-call rotation to support our production environments. As a senior engineer, you'll also be expected to conduct code reviews, encourage SDLC best practices, provide technical mentorship, and perform discovery in new problem spaces. How Will You Fulfill Your Potential? 
 
 
 Implement new features in our Automated Certificate Management platform by building integrations into a growing list of supported endpoints.Manage and operate the firm's HSM-backed Public Key Infrastructure which includes Microsoft ADCS, AWS PCA, and relationships/integrations with public CAs.Collaborate with stakeholders and engineers on platform specific integrations.Provision and manage complex poly-cloud infrastructure and resources using GS build tools and processes.Manage the full lifecycle of software, from gathering requirements, design, implementation, testing, release, operations, and demise.Be the firm's certificate SME and the go-to person for incidents, support, design, and implementation consultations.Support the team as it grows and continues building critical security services for the firm by encouraging best practices across all GS engineering verticals including SDLC, SRE, Infrastructure (VMs, Containers, On-premise, Cloud), Sprint Planning, and Risk Management.
 
 
 Basic Qualifications: 
 
 
 Direct hands-on experience with HSM-backed PKI (Microsoft ADCS, EJBCA, AWS PCA)5+ years of software development experience in Java, Python, C#, or GolangExperience with IaC platforms (Terraform, AWS CDK/Cloudformation)Experience with common TLS termination infrastructure (load balancers, CDN, reverse proxies, microservice)Experience with CICD pipelines and fully automated build/test/deploy software lifecyclesExperience with containerization (Kubernetes, ECS, EKS, Podman)You're comfortable in both a Linux and Windows Server environment and can perform mid-to-advanced administrative tasks.
 
 
 Preferred Qualifications: 
 
 
 5+ years of experience developing and operating global-scale PKIs and revocation systems (CRL, OCSP)5+ years of experience with object-oriented programming and dependency injection frameworks like SpringStrong background with certificates and their use-cases (TLS, client authentication, code signing)Expertise with certificate tooling and libraries (openssl, keytool, bouncy-castle, crypto-lib, pyca/cryptography, go-cryptography)Experience with encryption, authentication, authorization, secrets management
 
 
 You Might Be a Good Fit If You: 
 
 
 Have built certificate management tooling or platforms from the ground upObsess over the user experience and constantly look for ways to offer frictionless experiences that enhance the user journeyHave experience being a platform provider and building tools and services for developersHave written custom terraform plugins or AWS CDK constructsBuild with a security-first mindsetCan debug a TLS handshakeHave demonstrated experience across the entire stack including application, infrastructure, observability, security, and SDLC.Have experience managing Hardware Security ModulesCan communicate technical concepts to a non-technical audienceCan troubleshoot production incidents with a strong analytical approach
 
 Salary Range The expected base salary for this Jersey City, New Jersey, United States-based position is $130000-$250000. In addition, you may be eligible for a discretionary bonus if you are an active employee as of fiscal year-end.
 Benefits Goldman Sachs is committed to providing our people with valuable and competitive benefits and wellness offerings, as it is a core part of providing a strong overall employee experience. A summary of these offerings, which are generally available to active, non-temporary, full-time and part-time US employees who work at least 20 hours per week, can be found here.
 |