DescriptionPlay a vital role in shaping the future of an iconic company and make a direct impact in a dynamic environment designed for top achievers.
As a Senior Lead Cybersecurity Architect at JPMorgan Chase within the Cybersecurity and Technology Controls organization, you are an integral part of a team that works to develop high-quality cybersecurity solutions for various software applications and platform products. Drive significant business impact through your capabilities and contributions, and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains.
The Senior Lead Cybersecurity Architect for Cloud & Infrastructure will be responsible for partnering with Cloud Enablement/Engineering, Line of Business Resiliency Leads and technologists across the firm in developing real life failure scenarios and appropriate solutions where gaps exist. Ensuring that resiliency is designed across the life cycle of both On-Prem Private and Public Cloud infrastructure technology and applications, thereby driving the timely and successful execution of the firm wide Recovery and Resiliency strategy.
Job responsibilities
- Work closely with Line of Business architects and Infrastructure Product technologists to develop resilient architectures, design patterns and solutions that cover the Firm’s primary Plausible Disruptive Event scenarios
- Partner with the Firmwide Simulation Utility (FSU), the Firmwide Business Resiliency (FBR), and Infrastructure and Application development teams to develop new testing scenarios and capabilities
- Provide key SME leadership across the technology organization on resiliency programs and initiatives
- Provide guidance and oversight in the development and implementation of resiliency controls to provide continuous monitoring of the Firm’s capability to recover from a disruptive event
- Define and implement post-mortem / root-cause analysis processes – develop improved controls and testing scenarios based upon analysis
- Partner with Product teams to ensure that products are designed and implemented in a resilient manner and have validation plans in place including continuous improvement plans
- Ensure that recovery playbooks are clearly defined, documented, communicated, adhered to, are audit compliant, and support associated application and business recovery objectivesPlanning, designing, and implementing enterprise level infrastructure solutions
- Guiding the evaluation of current cybersecurity principals, processes, and controls, and leads the evaluation of new technology using existing standards and frameworks
- Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors
- Works with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
- Actively contributes to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Software Development Life Cycle
Required qualifications, capabilities, and skills
- Formal training or certification on software engineering* concepts and 5+ years applied experience
- Hands-on experience, including technical depth in one or more technology areas, such as: Cloud Enablement Design & Migration, Infrastructure Design, Distributed Technologies, and/or Messaging Technology.
- Knowledge of network architecture concepts, including topology, protocols, components, principles, fault domains and failure modes
- Understanding of latest cyber threats, attacking techniques and mitigating strategies (ie. blast radius analysis, workload placement)
- Knowledge of software-related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, implicitly / minimization...)
- Familiarity with Terraform and Infrastructure As Code (IaC) principles and tooling
- Skilled in conducting application and infrastructure design reviews/assessment and recognizing weaknesses vulnerabilities in systems
- Prior experience in disaster and/or cyber recovery planning and testing would be advantageous
- Knowledge of system and application vulnerabilities e.g. MITRE Att&ck framework, OWASP, NIST, SANS would be advantageous
- Hands-on experience experience of developing, engineering or architecting within a public cloud environment
- Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
Preferred qualifications, capabilities, and skills
- Prior experience working with external auditors and regulators would be advantageous
- Programming experiences in one or more languages (scripting/functional/imperative -- C/C++, Java, Python, Scala, R, SQL, etc.) would be advantageous
- Certified as a AWS Solutions Architect, Azure Solutions Architect and/or CISSP