Engineering - Cloud Security - Security Architecture & Platform Engineering - Associate - Seatt

Engineering - Cloud Security - Security Architecture & Platform Engineering - Associate - Seattle  Seattle, Washington, United States

At Goldman Sachs, our Engineers don’t just make things – we make things possible. Change the world by connecting people and capital with ideas. Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action.

Create new businesses, transform finance, and explore a world of opportunity at the speed of markets. Goldman Sachs Engineers are innovators and problem-solvers, building solutions in Artificial Intelligence, risk management, big data, mobile and more.

As part of Core Engineering at Goldman Sachs, the Cloud Platform team is responsible for enabling the use of public cloud services across the firm. You will be working as part of a multi‑disciplinary team responsible for researching, architecting and building a cutting‑edge platform that enables Goldman Sachs teams to deploy and manage services in public cloud safely and securely. We are at an early stage of modernizing our services around cloud native principles, and you will be directly contributing to a platform that programmatically enforces safety, security and compliance of services and enables engineers to innovate faster.

• Design, implement, and maintain secure cloud architecture aligned with NIST frameworks and industry‑recognized cloud security standards, ensuring compliance, resilience, and least‑privilege access across cloud environments
• Build and deploy cloud security posture management infrastructure using Infrastructure as Code (Terraform/CDK)
• Implement integrations with enterprise services including risk management systems, monitoring platforms, SIEM, and compliance frameworks
• Deploy and maintain security policies, automated compliance validation, and remediation workflows

• Demonstrates thought leadership:
  Guides and upskills other engineers and clients in cloud best practices; demonstrates expertise with automation and infrastructure as code (IaC)
• Migrate infrastructure security controls to policy‑as‑code frameworks with automated testing and validation
• Integrate security controls into CI/CD pipelines for shift‑left security and pre‑deployment validation
• Optimize security policies during migration for improved coverage and reduced false positives
• Implement policy versioning, change management workflows, and automated deployment pipelines

• Understanding of AWS
• Support secure‑by‑default infrastructure initiatives for standardized cloud account provisioning
• Integrate security controls into Software Development Lifecycle (SDLC) with automated gates and validation
• Implement security baselines and automated compliance checks for new cloud accounts and services
• Provide self‑service security scanning and remediation tools for development teams

• Past enterprise level experience in Dev Ops, Software, Infrastructure or Site Reliability Engineering (2‑4 years)
• Proficient in infrastructure as code practices using technologies such as CDK, Terraform, AWS Cloud Formation, and/or Salt Stack
• Experience building CI/CD pipelines from scratch or integrating security controls into existing pipelines
• Hands‑on experience developing and improving all phases of the software development/delivery lifecycle
• Strong grasp of container technology including container orchestration

• Support implementation of cloud‑native authentication and authorization frameworks for service flows
• Assist with service identity onboarding and certificate lifecycle management
• Execute migration procedures and validate authentication flows for cloud‑native access patterns
• Troubleshoot authentication issues, performance bottlenecks, and integration challenges
• Provide technical support to…