Lead Security Engineer

As a Platform Engineer at JPMorgan Chase within the Platform SDLC team, you are central to our efforts to deliver innovative solutions to our customers. You should have a curious mindset, excel in collaborative environments, and be passionate about new technology. You are solution-oriented, commercially savvy, and have an interest in fintech. You will work within tribes and squads focused on specific products and projects, with opportunities to move between them based on your strengths and interests.

We value culture highly and believe that diversity of thought and background makes our team stronger. We aim to create an inclusive environment where everyone can make a significant impact, benefiting our company, clients, and business partners worldwide.

In this role, you'll be a key member of a high-performing team delivering secure software solutions, helping shape the future of software security at one of the world's largest companies.

• Design and enforce security best practices in public cloud environments (AWS, Azure, GCP).
• Define and implement infrastructure as Code (IaC), manage CI/CD pipelines, and develop automation tooling.
• Integrate security testing into CI/CD pipelines (e.g., SCA, SAST, DAST).
• Conduct code reviews, threat modeling, and vulnerability assessments.
• Design and develop production deployments, thinking beyond routine approaches.
• Develop scripts and automation using Python or Go to streamline security operations.
• Collaborate with third-party vendors and internal teams effectively.
• Maintain security by following industry standards and regulations, and assess current controls.
• Evaluate security architecture, aiming to simplify and automate security measures.
• Work with stakeholders to understand security needs and recommend modifications during vulnerabilities.
• Analyze current architecture and provide guidance on security improvements.
• Develop frameworks and tools for automated threat detection.
• Harden security controls through testing and deployment processes.
• Assess technology risks, including cybersecurity threats and application security issues.
• Build relationships with external teams and share knowledge for collective improvement.

• Formal training or certification in Engineering or Cybersecurity, with 5+ years of experience in roles like cloud engineer, deployment engineer, or DevOps engineer.
• Experience designing and implementing enterprise security solutions.
• Proficiency in scripting languages for automation (Python, Go, etc.).
• Understanding of the Software Development Life Cycle.
• Strong problem-solving skills and analytical thinking.
• Knowledge of agile methodologies, CI/CD, application resiliency, and security practices.
• Experience with Security Testing in CI/CD pipelines.
• Experience with Cloud Native Security tools (Kubernetes, Docker).

• Cloud certifications, especially GCP-focused, such as Certified Solutions Architect or DevOps Engineer.
• Experience deploying software at scale in enterprise environments.
• Excellent communication skills with senior business leaders.

J.P. Morgan is a global leader in financial services, committed to building trusted, long-term partnerships. We value diversity and inclusion, and are an equal opportunity employer, providing accommodations for various needs.

Our Corporate Functions team supports finance, risk, HR, marketing, and more, ensuring our business, clients, and employees succeed.