Job description

Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies. As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity and Technology Controls, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. CTC IAM Risk Discovery is focused on enabling secure products in the IAM space that possess a transparent risk posture. We develop people, process, and technology that help product teams to identify security/privacy and operational risk during their product lifecycle, and surface that risk to inform tactical mitigation, strategic direction, and measurable improvement of product quality. Job responsibilities • Design, develop, integrate, and maintain custom, data-driven security posture and vulnerability management solutions within the enterprise environment. • Collaborate with other software engineering teams as necessary to integrate security products and workflows in Java, Python, PowerShell, and other languages. • Lead or support vulnerability management efforts, including tooling and workflow automation. • Develop and implement security and risk scoring strategies to guide remediation efforts. • Conduct security assessments and provide remediation guidance to various teams. • Identifies and implements tools and processes to allow efficient sharing of data and information to promote business agility while ensuring regulatory compliance • Evaluates and proposes new security-related products and services • Assists with forensic analysis of security incidents • Continually assesses new trends in technology and determines implications on the overall security control process • Drives security engineering thought leadership within the product line • Champions the firm’s culture of diversity, equity, inclusion, and respect Required qualifications, capabilities, and skills • Formal training or certification on software engineering concepts and at least 5 years applied experience • Experience developing security engineering solutions for public cloud-based applications and infrastructure • Experience applying expertise and new methods to determine net new solutions for complex technology problems in one or more technical disciplines • Fluent in one or more scripting languages such as Python, PowerShell, or equivalent. • Good working knowledge of Microsoft Active Directory and EntraID. • Experience with ServiceNow, Atlassian Jira, or other security workflow/incident management tools and API integrations. • Experience integrating vulnerability management tools and processes programmatically. • Awareness of data management, refinement, and enrichment techniques and implementation strategies • Strong knowledge of cybersecurity architecture, applications, and technical processes with focus in one or more technical disciplines (e.g., IAM, Data Engineering, etc.) • Some experience with threat modeling preferred Preferred qualifications, capabilities, and skills • Strong understanding of graphing databases (Neo4J, GraphDB, etc.) • Experience in red/blue/purple teaming or adversary emulation/defense tooling is a significant advantage • Relevant certifications (e.g., CISSP, CEH, OSCP) are a plus.

Requirements