Lead Security Engineer

Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies.

As a Lead Security Engineer at JPMorgan Chase within the Corporate Sector - Cybersecurity and Tech Controls - GT Enterprise Product Security team, you will be an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions.

• Executes creative security solutions by design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches
• Apply knowledge of existing security solutions to satisfy security requirements for internal clients (e.g., product, platform, application owners)
• Develops secure and high quality production code in reviewing and debugging code written by others
• Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls
• Applies specialized tools (e.g., vulnerability scanner) to analyze and correlate incident data to identify, interpret, and summarize the probability and impact of threats when determining specific vulnerabilities
• Conducts discovery, vulnerability, penetration testing, and threat scenarios on multiple organizational assets to identify and assess if vulnerabilities are present
• Executes threat modeling for multiple applications including external applications interacting with the internal JPMorgan Chase network
• Leads delivery of continuity-related awareness, training, educational activities, and exercises in collaboration with senior stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability
• Adds to team culture of diversity, equity, inclusion, and respect

• Formal training or certification on security and software engineering concepts and 5+ years of applied experience
• Experience developing security engineering solutions, along with design and implementation of cloud security solutions on AWS, Azure, or GCP for best technical practices
• Advanced in one or more programming languages and frameworks (i.e., Java, Python, Golang, Shell Scripting, Automation tools, Terraform, etc.)
• Proficient in all aspects of the Software Development Life Cycle
• Implement security best practices and compliance requirements into actionable policies for a secure cloud environment
• Manage policy changes using version control systems like GIT and collaborate with teams on platforms in GIT or Bit bucket
• Solid understanding of agile methodologies such as CI/CD, utilizing Terraform and Jenkins/Jules for infrastructure as a code to enhance deployments and updates for application resiliency, and security
• Demonstrates effective communication and interpersonal skills with senior business leaders
• In-depth knowledge of the financial services industry and their IT systems

• Familiar with software engineering concepts in a major public cloud platform like AWS, Azure, or GCP or hybrid cloud experience
• Proficient in Python for automation, backend development, and cloud management tool integration, with additional skills in Java being advantageous
• Strong understanding of security best practices and compliance standards for cloud environments