Identity and Access Management - Security Software Engineer - Vice President

What We Do

Goldman Sachs Engineers are innovators and problem-solvers building and operating critical security infrastructure to protect the firm and its customers. We look for creative collaborators who evolve, adapt to change and thrive in a fast-paced global environment.

The Identity and Access Management (IAM) business unit within Core Engineering builds and operates the firm's authentication, authorization, identity, secrets management, public key infrastructure, and cryptographic systems that are used by every single GS application.

Your Impact

We are looking for a senior Security Software Engineer to drive the implementation of new features in core platforms that support the firm's security and operational requirements for its' global technology infrastructure.

You will coordinate with both technical and non-technical stakeholders, gather and understand requirements, and lead the implementation of secure-by-default features across both the application and infrastructure stacks that enable adoption of our services, improve quality of life for our clients, and manage/remediate risk. After you're ramped up, you'll join our on-call rotation to support our production environments.

As a senior engineer, you'll also be expected to conduct code reviews, encourage SDLC best practices, provide technical mentorship, and perform discovery in new problem spaces.

How Will You Fulfill Your Potential?

• Implement new features in our Automated Certificate Management platform by building integrations into a growing list of supported endpoints.
• Manage and operate the firm's HSM-backed Public Key Infrastructure which includes Microsoft ADCS, AWS PCA, and relationships/integrations with public CAs.
• Collaborate with stakeholders and engineers on platform specific integrations.
• Provision and manage complex poly-cloud infrastructure and resources using GS build tools and processes.
• Manage the full lifecycle of software, from gathering requirements, design, implementation, testing, release, operations, and demise.
• Be the firm's certificate SME and the go-to person for incidents, support, design, and implementation consultations.
• Support the team as it grows and continues building critical security services for the firm by encouraging best practices across all GS engineering verticals including SDLC, SRE, Infrastructure (VMs, Containers, On-premise, Cloud), Sprint Planning, and Risk Management.

Basic Qualifications:

• Direct hands-on experience with HSM-backed PKI (Microsoft ADCS, EJBCA, AWS PCA)
• 5+ years of software development experience in Java, Python, C#, or Golang
• Experience with IaC platforms (Terraform, AWS CDK/Cloudformation)
• Experience with common TLS termination infrastructure (load balancers, CDN, reverse proxies, microservice)
• Experience with CICD pipelines and fully automated build/test/deploy software lifecycles
• Experience with containerization (Kubernetes, ECS, EKS, Podman)
• You're comfortable in both a Linux and Windows Server environment and can perform mid-to-advanced administrative tasks.

Preferred Qualifications:

• 5+ years of experience developing and operating global-scale PKIs and revocation systems (CRL, OCSP)
• 5+ years of experience with object-oriented programming and dependency injection frameworks like Spring
• Strong background with certificates and their use-cases (TLS, client authentication, code signing)
• Expertise with certificate tooling and libraries (openssl, keytool, bouncy-castle, crypto-lib, pyca/cryptography, go-cryptography)
• Experience with encryption, authentication, authorization, secrets management

You Might Be a Good Fit If You:

• Have built certificate management tooling or platforms from the ground up
• Obsess over the user experience and constantly look for ways to offer frictionless experiences that enhance the user journey
• Have experience being a platform provider and building tools and services for developers
• Have written custom terraform plugins or AWS CDK constructs
• Build with a security-first mindset
• Can debug a TLS handshake
• Have demonstrated experience across the entire stack including application, infrastructure, observability, security, and SDLC.
• Have experience managing Hardware Security Modules
• Can communicate technical concepts to a non-technical audience
• Can troubleshoot production incidents with a strong analytical approach