Originating from Chase in 2021, we are a team dedicated to creating customer-centric products. Our success relies on collaboration, curiosity, and commitment, nurtured in an environment promoting skill development.
As a Lead Security Engineer at JPMorgan Chase within the accelerator program, you are the heart of this venture, focused on getting smart ideas into the hands of our customers. You have a curious mindset, thrive in collaborative squads, and are passionate about new technology. By your nature, you are also solution-oriented, commercially savvy and have a head for fintech. You thrive in working in tribes and squads that focus on specific products and projects – and depending on your strengths and interests, you'll have the opportunity to move between them.
While we’re looking for professional skills, culture is just as important to us. We understand that everyone's unique – and that diversity of thought, experience and background is what makes a good team, great. By bringing people with different points of view together, we can represent everyone and truly reflect the communities we serve. This way, there's scope for you to make a huge difference – on us as a company, and on our clients and business partners around the world.
Job responsibilities
Cultivate security culture Working with Product and Engineering colleagues, be the security champion that strives to prioritize sustainable controls and driving real risk reduction outcomes.
Build secure products ensure security is considered throughout the Product and Software Development Life Cycle. Provide security best practice, build security design patterns, complete security architecture reviews, threat models and risk assessments. Help solve engineering problems by implementing technical controls to mitigate risk.
Ensure security thought leadership Keep up on security best practice and be a continuous learner. Guide and define our security practices and standards end-to-end, be recognized as a point of escalation and subject matter expert for IT Risk and Cyber domains.
Work togetherWe work together with product and engineering, we help to solve problems and not just calling out issues, We also operate within a larger business and align with the wider security function across JPMC.
Ensure we are deploying products into asecure environment, aligning with the FIRM control requirements, supporting on-going business-as-usual, vulnerability management, internal security consultancy, audit and regulatory engagements, risk activities and project initiatives. Work closely with Third Party Oversight teams to ensure effective technology risk management, with a focus on Cloud computing / emerging technologies.
Required qualifications, capabilities and skills
Formal training or certification on security engineering concepts and applied experience Extensive experience in an engineering role with heavy focus on security. Excellent knowledge of best-practices for securing Micro-service architectures. Excellent knowledge of securing Kubernetes environments. Excellent knowledge of methods for authentication, authorization (ODIC, OAuth 2, FIDO 2 Excellent knowledge of modern SDLC practices with a focus on embedding security into CI/CD pipelines. Excellent knowledge of all of the above concepts in the context of at least one (ideally more!) public cloud provider (AWS,GCP,Azure) A desire to teach others and share knowledge. We aren’t looking for hero engineers, we look for team players. We want you to coach other team members on security coding practices, design principles, and implementation patterns. Comfortable in uncharted waters. We are building something new. Things change quickly. We need you to learn technologies and patterns quickly. Ability to see the long term. We don’t want you to sacrifice the future for the present. We want you to choose technologies and approaches based on the end goals. Clarity of thought. We operate quickly and efficiently, and we value people who are economical with their time and clear with their opinions.
Preferred qualifications, capabilities and skills
Understanding of applied cryptography - symmetric/asymmetric cryptography, Certificate management. Knowledge of offensive security, Application and Infrastructure penetration testing (OWASP top 10, OWASP ASVS) Understanding of security vulnerabilities and remediation options in codebases (Java/Kotlin/etc) & containers Excellent knowledge of security/identity SaaS vendors (Auth0, Forgerock, Keycloak)
#ICBCareer #ICBEngineering
