About the position
Goldman Sachs Engineers are innovators and problem-solvers building and operating critical security infrastructure to protect the firm and its customers. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment. The Identity and Access Management (IAM) business unit within Core Engineering builds and operates the firm's authentication, authorization, identity, secrets management, public key infrastructure, and cryptographic systems that are used by every single GS application. We are looking for a senior Security Software Engineer to drive the implementation of new features in core platforms that support the firm's security and operational requirements for its' global technology infrastructure. You will coordinate with both technical and non-technical stakeholders, gather and understand requirements, and lead the implementation of secure-by-default features across both the application and infrastructure stacks that enable adoption of our services, improve quality of life for our clients, and manage/remediate risk. After you're ramped up, you'll join our on-call rotation to support our production environments. As a senior engineer, you'll also be expected to conduct code reviews, encourage SDLC best practices, provide technical mentorship, and perform discovery in new problem spaces.
Responsibilities
- Implement new features in our Automated Certificate Management platform by building integrations into a growing list of supported endpoints.
- Manage and operate the firm's HSM-backed Public Key Infrastructure which includes Microsoft ADCS, AWS PCA, and relationships/integrations with public CAs.
- Collaborate with stakeholders and engineers on platform specific integrations.
- Provision and manage complex poly-cloud infrastructure and resources using GS build tools and processes.
- Manage the full lifecycle of software, from gathering requirements, design, implementation, testing, release, operations, and demise.
- Be the firm's certificate SME and the go-to person for incidents, support, design, and implementation consultations.
- Support the team as it grows and continues building critical security services for the firm by encouraging best practices across all GS engineering verticals including SDLC, SRE, Infrastructure (VMs, Containers, On-premise, Cloud), Sprint Planning, and Risk Management.
Requirements
- Direct hands-on experience with HSM-backed PKI (Microsoft ADCS, EJBCA, AWS PCA)
- 5+ years of software development experience in Java, Python, C#, or Golang
- Experience with IaC platforms (Terraform, AWS CDK/Cloudformation)
- Experience with common TLS termination infrastructure (load balancers, CDN, reverse proxies, microservice)
- Experience with CICD pipelines and fully automated build/test/deploy software lifecycles
- Experience with containerization (Kubernetes, ECS, EKS, Podman)
- Comfortable in both a Linux and Windows Server environment and can perform mid-to-advanced administrative tasks.
Nice-to-haves
- 5+ years of experience developing and operating global-scale PKIs and revocation systems (CRL, OCSP)
- 5+ years of experience with object-oriented programming and dependency injection frameworks like Spring
- Strong background with certificates and their use-cases (TLS, client authentication, code signing)
- Expertise with certificate tooling and libraries (openssl, keytool, bouncy-castle, crypto-lib, pyca/cryptography, go-cryptography)
- Experience with encryption, authentication, authorization, secrets management.
Benefits
- Competitive salary
- Discretionary bonus eligibility for active employees as of fiscal year-end
- Comprehensive benefits and wellness offerings for full-time and part-time US employees working at least 20 hours per week.
