Lead Security Engineer

Job Description

As a Platform Engineer at JPMorgan Chase within the Platform SDLC team, you are central to our mission of delivering innovative solutions to our customers. You possess a curious mindset, excel in collaborative environments, and have a passion for new technology. You are solution-oriented, commercially savvy, and have a keen interest in fintech. You will work within tribes and squads focused on specific products and projects, with opportunities to move between them based on your strengths and interests.

We value diversity of thought, experience, and background, believing it makes our team stronger. By bringing together different perspectives, we aim to reflect the communities we serve and make a significant impact on our company, clients, and partners worldwide.

Take on a vital role as part of a high-performing team delivering secure software solutions. Contribute to shaping the future of software security at one of the world's leading financial institutions.

As a Lead Security Engineer within the Platform team, you will be instrumental in delivering software solutions that meet functional and user requirements while preventing misuse and malicious behavior. You will carry out critical technology solutions with tamper-proof, audit-defensible methods across various technical domains and business functions.

1. Design and enforce security best practices in public cloud environments (AWS, Azure, GCP).
2. Define and implement infrastructure as Code (IaC), work with CI/CD pipelines, and automation tools.
3. Integrate security testing into CI/CD pipelines (e.g., SCA, SAST, DAST).
4. Conduct code reviews, threat modeling, and vulnerability assessments on applications.
5. Develop production deployment strategies that go beyond routine approaches to meet stakeholder needs.
6. Create scripts and automation to streamline security operations, using Python or Go.
7. Collaborate effectively with third-party vendors and internal teams.
8. Continuously evolve security protocols based on industry insights and regulations.
9. Evaluate security architecture, seeking simplification, optimization, and automation.
10. Work with stakeholders to understand security needs and recommend modifications during vulnerabilities.
11. Analyze current architecture and processes to provide security guidance.
12. Develop frameworks and tools for automated threat detection.
13. Ensure security controls are hardened through testing and deployment.
14. Assess technology risks, including cyber security weaknesses and application threats (e.g., OWASP).
15. Build strong relationships with external teams and share knowledge for mutual benefit.

• Formal training or certifications in Engineering and/or Cybersecurity, with 5+ years of relevant experience in deploying enterprise software to public clouds.
• Experience designing and implementing enterprise security solutions.
• Proficiency in scripting languages for automation and integration.
• Knowledge of the Software Development Life Cycle.
• Strong problem-solving skills and analytical thinking.
• Understanding of agile methodologies, including CI/CD, application resiliency, and security.
• Experience applying security testing within CI/CD pipelines.
• Knowledge of Cloud Native Security, including Kubernetes and Docker.

• Cloud certifications focusing on GCP, such as Certified Solutions Architect or DevOps Engineer.
• Experience deploying commercial software at scale in enterprise environments.
• Effective communication skills with senior business leaders.

About Us

J.P. Morgan is a global leader in financial services, providing strategic advice and products to prominent clients worldwide. Our approach focuses on building trusted, long-term partnerships to help clients achieve their objectives. We value our diverse workforce and are committed to equal opportunity and inclusion, accommodating various needs and backgrounds.

About The Team

Our corporate functions encompass finance, risk, human resources, and marketing, playing a vital role in our company's success by supporting our businesses, clients, and employees.