The Workplace Engineering organization is responsible for designing, securing, and operating the firm’s digital workplace platforms, including cloud‑hosted desktops, endpoint management, identity services, productivity and collaboration services, and data security and compliance capabilities.
Within this organization, Workplace Security Engineering partners closely with Technology Risk, Cyber Security, and Audit teams to ensure workplace platforms are secure by design, compliant with firm standards, and able to meet regulatory and audit expectations throughout their lifecycle.
Role SummaryWe are seeking a Workplace Security Engineer to focus on security architecture, control design, and risk governance for modern workplace environments, including cloud desktop platforms, cloud identity services, endpoint management, and information protection and compliance tooling.
This role sits at the intersection of system engineering, security architecture, and technology risk. The successful candidate will translate risk and control requirements into practical platform designs, lead security design reviews and approvals, and ensure workplace solutions are delivered with clear control ownership, traceability, and audit‑ready evidence.
The role works closely with Technology Risk(TR), enterprise security teams, and platform engineers to support architecture reviews, risk assessments, control attestations, and remediation activities across both on‑premise and cloud‑hosted workplace environments.
Job Responsibilities Platform Security & Architecture- Act as a security design authority for digital workplace platforms, including cloud desktops, cloud identity, endpoint management, and cloud productivity services
- Define and review security reference architectures, control patterns, and guardrails for endpoint, identity, access, data protection, and compliance capabilities
- Ensure platform designs align with firm security standards, zero trust principles, and regulatory requirements
- Assess new workplace capabilities and architectural changes for security, risk, and control impact
- Partner closely with Technology Risk Management to:
- Support architecture and design reviews
- Contribute to risk assessments and threat modeling
- Respond to risk challenge, control testing, and remediation planning
- Own or contribute to formal security design approvals for new or materially changed workplace solutions
- Translate high‑level policies and risk statements into implementable and testable technical controls
- Ensure workplace security controls are:
- Designed intentionally (not implicit)
- Implemented consistently
- Measurable and defensible under audit
- Produce and maintain control documentation, including:
- Architecture diagrams
- Control narratives
- Supporting technical evidence
- Support audit, regulatory, and compliance activities, including walkthroughs and evidence requests
- Partner with engineering teams to close control gaps and risk findings
- Govern secure design of:
- Cloud‑managed endpoint onboarding and configuration
- Identity‑centric access controls and device trust signals
- Data classification, retention, eDiscovery, and data loss prevention
- Ensure consistent application of hardening standards, configuration baselines, and policy enforcement across physical, virtual, and cloud desktops
- Review integrations between workplace platforms and downstream services from a security and data‑handling perspective
- Work across Workplace Engineering, Cyber Security, Technology Risk, and Audit teams
- Act as a trusted advisor to platform and product owners
- Communicate complex technical and risk concepts clearly to technical, risk, and executive stakeholders
- 4–10 years of experience in workplace engineering, security engineering, platform security, or risk‑aligned engineering roles
- Strong experience with Windows‑based desktop environments, including cloud‑hosted or virtual desktop models
- Proven experience working with Technology Risk, Audit, or Governance teams
- Strong understanding of security control design (preventive, detective, corrective)
- Experience creating architecture‑grade and audit‑ready documentation
- Excellent written and verbal communication skills
- Experience securing cloud‑hosted digital workplace platforms
- Strong familiarity with:
- Cloud identity and access management models
- Endpoint management and configuration enforcement
- Information protection, data governance, and compliance tooling
- Experience supporting regulated environments with formal risk and audit processes
- Understanding of zero trust and identity‑centric security architectures
- Ability to balance engineering pragmatism with risk discipline
- Workplace platforms are delivered with approved security architectures
- Technology Risk teams have confidence in control coverage and implementation
- Audit and regulatory interactions are supported by clear, defensible evidence
- Engineering teams receive practical, design‑time security guidance
- Security and risk considerations are embedded early and consistently
We believe who you are makes you better at what you do. We're committed to fostering and advancing diversity and inclusion in our own workplace and beyond by ensuring every individual within our firm has a number of opportunities to grow professionally and personally, from our training and development opportunities and firmwide networks to benefits, wellness and personal finance offerings and mindfulness programs. Learn more about our culture, benefits, and people at GS.com/careers.
We’re committed to finding reasonable accommodations for candidates with special needs or disabilities during our recruiting process. Learn more: https://www.goldmansachs.com/careers/footer/disability-statement.html