DescriptionTake your engineering expertise to new heights by joining a team of exceptionally talented professionals and solidify your place among top performers in the industry.
As a Principal Cybersecurity Architect at at JPMorgan Chase within the Cybersecurity and Technology Controls organization , you provide expertise to enhance and develop architecture platforms based on modern cloud-based technologies as well as support the adoption of strategic global solutions. Leverage your advanced architecture capabilities to identify, communicate, and mitigate risk, and collaborate with colleagues across the organization to drive best-in-class outcomes.
Job responsibilities
- Advises cross-functional teams on technology selections and decisions to achieve target state cybersecurity on improvements to current cybersecurity parameters
- Develops multi-year roadmaps aligned with business and architecture strategy and priorities
- Creates complex and scalable coding frameworks on the public cloud for new system design patterns and process templates
- Creating, maintaining, and maturing a comprehensive cybersecurity reference architecture for products to address near-, mid-, and far-term known and unknown needs.
- Leveraging multiple security methodologies and approaches, enabling engineering teams to build and deploy products that are secure by default
- Acts as product liaison for security related customer requests leveraging an established process
- Develops secure and high-quality production code and reviews and debugs code written by others
- Serves as the function’s go-to subject matter expert and drives thought leadership within the product line
- Participate in security assessments for new and existing products through the conduct of threat modeling and technical risk assessment in partnership with other teams
- Coordinate, support, and influence the Security Testing (penetration testing, static and dynamic analysis related activities) with internal Product and Software Security teams
- Contributes to the development of technical methods in cybersecurity in line with the latest product development methodologies
Required qualifications, capabilities, and skills
- Formal training or certification in architecture concepts and 10+ years applied experience
- Hands-on practical experience in cybersecurity architecture that can be applied and reused across businesses, functions, and systems
- Fluent in one or more programming languages
- Deep knowledge of one or more software or applications
- Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
- Experience applying expertise and new methods to determine solutions for complex architecture problems in one or more technical disciplines
- Experience creating threat models of system and software designs
- Experience with secure architecture of enterprise grade systems built for resilient operations
- Ability to present and effectively communicate with senior leaders and executives
- Understanding of the business and knowledgeable of latest risk trends in the internal and external environments
- Practical cloud native experience
Preferred qualifications, capabilities, and skills
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
- Strong technical skills as they apply to cloud infrastructure and platforms.
- Well versed in security controls intended to defend, detect, and respond to threats across various technology stacks (network, storage, compute, software, etc)
- Deep understanding of how to connect new and changing threats to cloud computing portfolio to create mitigating or compensating activities.
- Extensive understanding MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
- Ability to explain and champion security concepts.
- Strong skills in analysis and evaluation of processes and methods.