Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies.

As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity Technology and Controls organization, you are an integral part of an agile team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. Drive significant business impact through your capabilities and contributions and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains.

Job responsibilities

Facilitates security requirements clarification for multiple networks to enable multi-level security to satisfy organizational needsWorks at code-level using Python and drives the maturity of the Cybersecurity software development lifecycle with advanced understanding of line of business technology driversPerforms deployment, administration, management, configuration, testing, document, operations and integration tasks related to the Cloud Network Security Platforms and champion a DevOps security model to ensure security is automated and elastic across all platforms . Leads and develops new Cloud Security ImplementationsDesigns and develops strategies to provide end-to-end automation, architecture design, performance and monitoring, best practices, proof of concepts, product design, and transition to operationsEnsures quality control of engineering deliverables and ensures firm policies are compliant with strict security standards. Drives decision making by analyzing complex data systems, ensures all engineering activities are in conformance with firm policies & objectivesLeverages DevOps tools to build, harden, maintain and develops a comprehensive Cloud-based security orchestration platform for network security and infrastructure as codeDevelops automated security and compliance capabilities in support of DevOps processes in a large-scale Cloud computing environment

Collaborates with technologists, stakeholders, and senior business leaders to recommend business modifications during periods of vulnerability. Be responsible for triaging based on risk assessments of various threats and managing resources to cover impact of disruptive events

Required qualifications, capabilities, and skills

Formal training or certification on Security Engineering concepts and 5+ years applied experienceAdvanced hands-on coding experience in Python/Go and Terraform. Expertise with AWS Infrastructure such as networking, EC2, Lambdas, server-less solutions, VPC, routes53, autoscaling, Transit Gateway, API Gateway, Step Functions, secrets manager and storage servicesProficient in core concepts for Networking, IaaC, Public Cloud architecture and Cloud SecurityExpertise developing and designing complex cloud architectures, deploying of scalable solutions, creating and handling CI/CD pipelines, application resiliency, security design and implementation, and triaging issues in Agile Software Development Lifecycle methodologyExtensive experience with threat modeling, discovery, vulnerability, and penetration testingAbility to tackle design and functionality problems independently with little to no oversightCollaborate with cross-functional teams, including IT, development, and operations, to ensure web application security.
Deploy and configure web application firewalls to protect web applications from threats such as SQL injection, cross-site scripting (XSS), and other OWASP Top Ten vulnerabilities. Customize WAF rules and policies to meet the specific security needs of the organization.

Experience with WAF technologies such as AWS WAF, Akamai, Cloudflare, or similar.

Preferred qualifications, capabilities, and skills

 

Certifications in AWS, Networking, or Security.