DescriptionAs a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Technology Controls organization, you will work alongside cryptographers and a group of passionate security engineers to solve complex security problems and support the deployment of cryptography-based solutions.
Job responsibilities
- Assess existing cryptographic libraries, in particular network security protocol stacks
- Evaluate existing crypto-agile approaches and tools - define JPMC-centric solutions
- Define and develop tools or libraries for cryptography services
- Review architecture document for security services
- Assist with performance impact assessment of post-quantum cryptography deployment
- Conduct source code security review
- Communicate ongoing work with other teams or organizations
- Collaborate with cryptographers on specific topics.
Required qualifications, capabilities, and skills
- Formal training or certification on security concepts and 5+ years strong industry experience in combining cryptography and security best-practices to secure complex IT infrastructure, customer-facing services, and sensitive customer and enterprise data.
- Proficiency in multiple programming languages, e.g., Java, Python, C#, JavaScript, C/C++, shell scripting
- Expertise in applying mainstream cryptographic primitives, including digital signatures, public-key ciphers, block ciphers
- Strong understanding and hands-on experience of network security protocols (deploying, tuning TLS, SSH, IPsec etc. – especially TLS 1.3)
- Good familiarity with upcoming NIST post-quantum cryptography standards and related migration efforts
- Hands-on data protection solution development utilizing industry standard security protocol and best practices
- Application knowledge of public key infrastructure (PKI) and digital certificates (e.g., X.509)
- Proven track record in working with diverse teams to achieve goal.
Preferred qualifications, capabilities, and skills
- Basic knowledge on cryptanalysis, crypto system threat modeling and analysis
- Some understanding of advanced cryptography topics like secure multiparty computation, zero-knowledge or homomorphic encryption
- NIST key management best practices
- Experience with AWS and Docker.
- Engineering and managing cryptographic systems for enterprise applications and infrastructure.
