DescriptionTake your engineering expertise to new heights by joining a team of exceptionally talented professionals and solidify your place among top performers in the industry.
As a Principal Cybersecurity Architect at JPMorgan Chase within the Cybersecurity and Technology Controls organization, you provide expertise to enhance and develop architecture platforms based on modern cloud-based technologies as well as support the adoption of strategic global solutions. Leverage your advanced architecture capabilities to identify, communicate, and mitigate risk, and collaborate with colleagues across the organization to drive best-in-class outcomes.
We are looking for an experienced Principal Cybersecurity Architect to join our team as a specialist in Cloud Security. The candidate will be responsible for designing secure cloud infrastructure architectures for our enterprise Artificial Intelligence/Machine Learning (AI/ML) applications. The role requires a cloud security leader who is passionate about AI/ML architecture and can solve complex security configurations through innovation. You will apply your in-depth cloud security knowledge and expertise to all aspects of AI/ML development lifecycle, as well as partner continuously with your many product stakeholders. You’ll work in a collaborative, trusting, thought-provoking environment—one that encourages diversity of thought and creative solutions that are in the best interests of our customers.
Job responsibilities
- Provide thought leadership for securing on premise and cloud based AI/ML solution architecture
- Design comprehensive security architectures for cloud infrastructure projects
- Design secure networks and systems based on industry standards and best practices
- Identify and address security vulnerabilities, security risks, and other compliance issues
- Perform regular audits of all cloud infrastructure
- Participate in application and system hardening activities
- Develop and document security policies, procedures, and processes
- Conduct security risk assessments using various tools and processes
- Create and communicate threat models
- Partner with product managers to identify, quantify, and communicate all security risks.
- Drive innovation and ensure that JPMC maximizes the business benefits while minimizing security risk across your product
Required qualifications, capabilities, and skills
- Formal training or certification on software engineering concepts and 10+ years applied experience
- Advanced Technical knowledge in architecting, designing, and Integrating security solutions in a large-scale enterprise of highly distributed applications
- Experience designing/delivering secure cloud infrastructure architectures for our enterprise AI/ML applications
- Strong knowledge of AI/ML security concepts, threats, and vulnerabilities including Generative AI and Large Language Models
- Demonstrated proficiency in software applications and technical processes within artificial intelligence and/or machine learning.
- Practical cloud native experience with an understanding of cloud computing concepts and services such as AWS, Azure, GCP, etc
- Hands-on practical experience with Threat Models.
- Advanced in one or more programming languages
- Proficiency in all aspects of the Software Development Life Cycle and Model Development Life Cycle
- Advanced understanding of agile methodologies such as continuous integration and delivery, application resiliency, and security
- Ability to evaluate current and emerging technologies to recommend the best solutions for the future state architecture
Preferred qualifications, capabilities, and skills
- Knowledge of networking protocols and techniques, such as TCP/IP, routing, DNS, DHCP, etc.
- Knowledge of IAM concepts, including but not limited to: provisioning, RBAC, ABAC, SCIM, LDAP, federated identity platforms/products and Privileged Access Management
- Experience with API security and public cloud API integration
- Experience developing and understanding information security architecture, mitigation of threats, and compensating controls.
- Deep familiarity with frameworks such as NIST 800-53, OWASP, CVSS, the MITRE ATT&CK framework, MITRE Atlas, PCI, and Gramm-Leach-Bliley Act (GLBA).
- Experience using cloud Infrastructure as Code (IaC) using frameworks like Terraform
- Experience with microservices designs and implementations including docker, Kubernetes, helm