Tech Risk Advisory - Red Team Operator - Associate/Vice President - Warsaw

Tech Risk Advisory - Red Team Operator - Associate/Vice President - WarsawWarsaw, Mazowieckie, Poland

What We Do

At Goldman Sachs, our Engineers don’t just make things – we make things possible. Change the world by connecting people and capital with ideas. Solve the most challenging and pressing engineering problems for our clients. Join our engineering teams that build massively scalable software and systems, architect low latency infrastructure solutions, proactively guard against cyber threats, and leverage machine learning alongside financial engineering to continuously turn data into action. Create new businesses, transform finance, and explore a world of opportunity at the speed of markets.

Engineering, which is comprised of our Technology Division and global strategists groups, is at the critical center of our business, and our dynamic environment requires innovative strategic thinking and immediate, real solutions. Want to push the limit of digital possibilities? Start here.

Who we are

Led by the Chief Information Security Officer (CISO), Technology Risk (TR) protects Goldman Sachs from cyber threats by strengthening detection and prevention capabilities, improving the security of applications and infrastructure, building software to support security operations, measuring cybersecurity risk, and designing security controls. TR operates globally across the Americas, APAC, India, and EMEA.

Within TR, the Red Team conducts periodic, threat intelligence led assessments that emulate real adversaries to evaluate security controls in realistic conditions. Engagements include both:

Red team assessments to measure end to end resilience against adversary behaviors
Purple team exercises to collaborate with defenders, validate detections, and rapidly translate findings into durable improvements.

The team also researches emerging techniques and invests in the engineering needed to operate safely and repeatably, including lab environments, tooling, and attack simulation infrastructure, to ensure assessments remain current and actionable.

Your impact

You will help to deliver high impact Red and Purple Team engagements that meaningfully improve security outcomes at Goldman Sachs. Working from threat intelligence and real-world attacker tradecraft, you will emulate credible adversaries, identify gaps across people, process, and technology, and help to drive the fixes that reduce risk.
This role focuses on strengthening detection, response, and prevention through rigorous, well scoped testing and clear communication of results to both technical teams and senior stakeholders.

How you will fulfill your potential

You will help plan and execute advanced security assessments against infrastructure and customer facing products, informed by the latest threat landscape. You will apply creativity and sound engineering judgment to simulate realistic adversary behaviors, while operating with strong risk discipline appropriate for production environments.

Key Responsibilities

Execute threat intelligence led red team and purple team engagements using frameworks such as MITRE ATT&CK.
Scope engagements with clear objectives, constraints, and safety controls, aligned to documented rules of engagement.
Test and validate security controls, including detection and response capabilities, and document outcomes with evidence.
Partner with defenders and engineers to translate findings into prioritized, measurable remediation plans.
Contribute to the evolution of playbooks, rules of engagement, reporting standards, and repeatable execution processes.
Maintain and enhance tooling and assessment infrastructure to support safe, scalable, and current testing.
Communicate results clearly, including risk context, business impact, and practical mitigations.

Basic Qualifications

3+ years of experience participating in red team engagements, adversary emulation, penetration testing, or purple teaming.
Working knowledge of the MITRE ATT&CK framework.
Experience with threat modelling and security assessment methodologies.
Familiarity with security standards and guidance, such as OWASP testing resources and NIST publications.
Strong written and verbal communication skills, with the ability to explain technical risk to varied audiences.

Preferred Qualifications

CREST certifications or equivalent industry credentials.
Offensive Security certifications (for example, OSCE or OSEP).
Relevant SANS training in penetration testing, red teaming, or purple teaming.
Experience with common security testing tooling (for example, Burp Suite, Metasploit and Cobalt Strike) and the ability to build lightweight proof of concept tooling or automation (Python, PowerShell or .NET).
Broad knowledge of network, application, and operating system security risks.
Degree in Computer Science, Computer Engineering, Cybersecurity, or Information Security, or equivalent practical experience.
Background in software development, system design, cryptography fundamentals, or secure architecture.

ABOUT GOLDMAN SACHS

At Goldman Sachs, we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, we are a leading global investment banking, securities and investment management firm. Headquartered in New York, we maintain offices around the world.

We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.

We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html

Goldman Sachs is an equal opportunity employer and does not discriminate on the basis of race, color, religion, sex, national origin, age, veterans status, disability, or any other characteristic protected by applicable law.