DescriptionYour seniority as a lead security engineer puts you in the ranks of the top talent in your field. Play a critical role at one of the world's most iconic financial institutions where security is vital.
As a Lead Security Engineer at JPMorgan Chase within the Cyber Security and Technology Controls, you serve as a seasoned member of a team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. Carry out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions in support of the firm’s business objectives
Job responsibilities
- Performs development, deployment, administration, management, configuration, testing, and integration tasks related to the cloud security platforms.
- Develop automated security and compliance capabilities in a large-scale computing environment for the storage program within the firm.
- Champion a security model so that security is automated and elastic across all platforms and cultivate a cloud first mindset in transitioning workloads.
- Leverage tools to build, harden, maintain, and instrument a comprehensive security orchestration platform for infrastructure as code.
- Provides support to drive the maturity of the Cybersecurity software development lifecycle and develop & improve the quality of technical engineering documentation.
- Makes decisions of a global, strategic nature by analyzing complex data systems and incorporating knowledge of other lines of business & JPMC standards.
- Ensures all engineering and development activities are in conformance with JPMC policies and objectives.
- Provides quality control of engineering deliverables, technical consultation to product management and technical interface between development and operations teams
Required qualifications, capabilities, and skills
- Formal training or certification on security concepts and 5+ years applied experience.
- Experience with highly scalable systems, release management, software configuration, design, development, and implementation is required.
- Proficiency in programming languages like Python and Java and strong technical background with one or more Public Cloud platforms( AWS, GCP, Azure) and Cloud Infrastructure deployment at scale (OSB, Terraform, SCIM)
- Ability to analyzing complex data systems – failure analysis / root cause analysis, developing, improving, and maintaining technical engineering documentation.
- Experience designing and establishing baselines and prove security posture against implemented controls along with, risk management processes, principles, architectural requirements, engineering, threats and vulnerabilities, threat intelligence and application security.
- Experience with container technologies such as Docker, Kubernetes, or Open Container Initiative (OCI); CI/CD experience utilizing tools such as GitHub, Terraform, Jenkins, etc. Practice of Continuous Integration and Continuous Delivery with practical exposure with automation tools like Jenkins, Ansible, Chef, and Puppet.
- Experience with DevOps processes in a Cloud/SaaS environment, service-oriented architecture, web services/API security, understanding of cloud, virtualization, APIs, and modern software languages and experience with Agile and lean philosophies.
Preferred qualifications, capabilities, and skills
- Cloud Certifications is a plus especially the AWS Certified Security
- Cyber Security Domain experience/CISSP and/or Cryptography experience/knowledge is a plus
- Background in IAM (Identity & Access Management) concepts, technologies, and products like Key Management, ADFS, OAuth 2.0, SAML, CyberArk, HashiCorpVault, Beyond Trust, etc. is a plus.