Lead Security Engineer

As a Platform Engineer at JPMorgan Chase within the Platform SDLC team, you will be central to our efforts, focused on delivering innovative ideas to our customers. You should have a curious mindset, thrive in collaborative squads, and be passionate about new technology. You are solution-oriented, commercially savvy, and interested in fintech. You will work within tribes and squads dedicated to specific products and projects, with opportunities to move between them based on your strengths and interests.

We value culture highly alongside professional skills. We believe that diversity of thought, experience, and background makes a team great. Bringing together different perspectives allows us to better serve our communities and make a significant impact on our company, clients, and partners worldwide.

In this critical role, you will be part of a high-performing team delivering secure software solutions, shaping the future of software security at one of the world's largest companies.

• Design and enforce security best practices in public cloud environments (AWS, Azure, GCP).
• Define and implement infrastructure as Code (IaC), and work with CI/CD pipelines and automation tools.
• Integrate security testing into CI/CD pipelines (e.g., SCA, SAST, DAST).
• Conduct code reviews, threat modeling, and vulnerability assessments on applications.
• Develop production deployment strategies, thinking beyond routine approaches.
• Create scripts and automation to streamline security operations, using Python or Go.
• Collaborate effectively with third-party vendors and internal teams.
• Maintain security by following industry insights and regulations, and by evolving security protocols.
• Evaluate security architecture and work to simplify and automate security measures.
• Work with stakeholders to understand security needs and recommend improvements.
• Analyze current architecture and applications, providing security guidance.
• Develop frameworks and tools for automated threat detection.
• Ensure security controls are tested and hardened during deployments.
• Assess technology risks, including cyber security and application threats.
• Build strong relationships with external teams and share knowledge for continuous improvement.

• Formal training or certification in Engineering or Cybersecurity, with 5+ years of relevant experience in deploying enterprise software to public cloud platforms.
• Proven skills in designing and implementing enterprise security solutions.
• Strong programming or scripting skills for automation.
• Knowledge of the Software Development Life Cycle.
• Analytical problem-solving skills and ability to address complex challenges.
• Understanding of agile methodologies, CI/CD, application resiliency, and security.
• Experience applying security testing within CI/CD pipelines.
• Experience with Cloud Native Security tools (Kubernetes, Docker).

• Cloud certifications focused on GCP, such as Certified Solutions Architect or DevOps Engineer.
• Experience deploying enterprise software at scale.
• Effective communication skills with senior business leaders.

#ICBCareers

J.P. Morgan is a global leader in financial services, providing strategic advice and products to top corporations, governments, wealthy individuals, and institutional investors. We aim to build trusted, long-term partnerships to help our clients achieve their objectives. We value diversity and inclusion, and are committed to equal opportunity, accommodating various needs and backgrounds.

Our corporate functions span finance, risk, human resources, and marketing, playing a vital role in setting up our business and ensuring success for our clients, customers, and employees.