Advisory

Goldman Sachs’ interview process is known for its rigor: candidates first clear an online aptitude test, followed by a deep‑dive technical interview focusing on architecture design, threat modeling, and hands‑on security scenarios. Subsequent rounds assess communication skills, stakeholder management, and cultural fit. Preparation should include mastering OWASP concepts, cloud security best practices, and practicing case‑study presentations.

Goldman Sachs promotes a high‑performance culture that balances rigorous standards with supportive mentorship. Employees benefit from structured career development programs, global mobility options, and a collaborative environment that encourages innovative thinking while maintaining a strong focus on work‑life balance.

Bachelor's or Master's degree in Computer Science, Information Security, or related field; minimum 8 years of professional experience in application security, threat modeling, or secure design reviews; strong understanding of cloud security (AWS preferred); no active backlogs; academic performance of 60% or higher; candidates from any engineering branch with relevant experience are welcome.

Round 1: Online aptitude & technical screening → Round 2: Technical interview (architecture review, threat modeling case study) → Round 3: Managerial interview (risk communication, stakeholder management) → Round 4: HR interview (cultural fit, compensation discussion)

Goldman Sachs is a premier global investment banking, securities, and investment management firm with a legacy that dates back to 1869. Headquartered in New York, the firm operates in all major financial hubs worldwide and serves a diversified client base that includes corporations, governments, financial institutions, and high‑net‑worth individuals. In India, Goldman Sachs has built a strong presence across technology, risk, and advisory functions, offering fresh talent the chance to work on high‑impact projects that shape the future of finance. The Technology Risk division, led by the Chief Information Security Officer (CISO), is the guardian of the firm’s digital assets, defending against sophisticated cyber threats, ensuring secure software delivery, and embedding security controls throughout the software development lifecycle (SDLC). Within this division, the Advisory team acts as the consultative arm, partnering with engineers, product owners, and business stakeholders to assess new technology initiatives, design secure architectures, and embed security best practices into every line of code. The role of Advisory – Application Security Architect focuses on reviewing software architecture designs and identifying potential security flaws early in the SDLC. You will work closely with developers and architects to guide the creation of secure on‑premise and cloud‑native applications, leveraging deep knowledge of threat modeling, secure design reviews, and cloud security patterns. The ideal candidate brings at least eight years of experience in application security, with a proven track record of conducting threat modeling, security assessments, and penetration testing for complex enterprise systems. Key responsibilities include: 1. Perform comprehensive software architecture design reviews for both on‑premise and cloud deployments (primarily AWS). 2. Act as the primary application security liaison for developers and architects, providing guidance on secure coding practices and design decisions. 3. Review and interpret security assessment reports from penetration testing and code‑review engagements, translating findings into actionable remediation plans. 4. Conduct read‑out calls with business stakeholders to articulate risks, prioritize mitigations, and align security recommendations with business objectives. 5. Develop and maintain a library of secure architecture design patterns and reference implementations. 6. Mentor junior security analysts and engineers, fostering a culture of security‑by‑design across the organization. 7. Collaborate with the Cloud Security team to ensure that cloud‑native services follow industry‑standard hardening guidelines. 8. Stay current with emerging threats, OWASP Top 10, NIST, and other relevant security standards, and incorporate updates into the firm’s security framework. 9. Participate in incident response activities when security incidents involve design‑level vulnerabilities. 10. Contribute to continuous improvement of the SDLC security tooling pipeline, including static and dynamic analysis integrations. The technology stack you will engage with includes AWS services (EC2, S3, Lambda, IAM, KMS), container platforms (Docker, Kubernetes), modern web frameworks (Spring Boot, .NET Core, React, Angular), databases (MySQL, PostgreSQL, MongoDB), and security tooling such as Burp Suite, OWASP ZAP, Snyk, and custom fuzzers. A solid grasp of cryptographic concepts (TLS, AES, RSA, HMAC) and authentication protocols (OAuth 2.0, SAML, OIDC) is essential. Goldman Sachs offers a clear growth trajectory for security professionals: exposure to high‑stakes financial systems, opportunities to lead cross‑functional security initiatives, and a pathway to senior leadership roles such as Principal Security Architect or Head of Application Security. The firm’s commitment to continuous learning is reflected in sponsorship for certifications (CISSP, GSEC, AWS Security Specialty) and internal knowledge‑sharing forums. Why join Goldman Sachs? You will be part of a world‑class security team that protects billions of dollars of assets, work with cutting‑edge technologies, and receive mentorship from industry veterans. The firm’s culture emphasizes meritocracy, collaboration, and a relentless focus on excellence, making it an ideal place for ambitious security engineers to accelerate their careers.