JPMorganChase Logo

JPMorganChase

Product Security Lead Software Engineer

Posted 4 Days Ago
Be an Early Applicant
Hybrid
London, Greater London, England
Senior level
Hybrid
London, Greater London, England
Senior level
As a Product Security Lead Software Engineer at JPMorgan Chase, you will focus on embedding security throughout the product and software development life cycle, ensuring that secure products are deployed in compliance with control requirements. You will champion security culture, provide thought leadership, and collaborate with teams on risk reduction and vulnerability management in cloud-computing environments.
The summary above was generated by AI

Job Description
Originating from Chase in 2021, we are a team dedicated to creating customer-centric products. Our success relies on collaboration, curiosity, and commitment, nurtured in an environment promoting skill development.
As a Lead Security Engineer at JPMorgan Chase within the accelerator program, you are the heart of this venture, focused on getting smart ideas into the hands of our customers. You have a curious mindset, thrive in collaborative squads, and are passionate about new technology. By your nature, you are also solution-oriented, commercially savvy and have a head for fintech. You thrive in working in tribes and squads that focus on specific products and projects - and depending on your strengths and interests, you'll have the opportunity to move between them.
While we're looking for professional skills, culture is just as important to us. We understand that everyone's unique - and that diversity of thought, experience and background is what makes a good team, great. By bringing people with different points of view together, we can represent everyone and truly reflect the communities we serve. This way, there's scope for you to make a huge difference - on us as a company, and on our clients and business partners around the world.
Job responsibilities

  • Cultivate security culture Working with Product and Engineering colleagues, be the security champion that strives to prioritize sustainable controls and driving real risk reduction outcomes.
  • Build secure products ensure security is considered throughout the Product and Software Development Life Cycle. Provide security best practice, build security design patterns, complete security architecture reviews, threat models and risk assessments. Help solve engineering problems by implementing technical controls to mitigate risk.
  • Ensure security thought leadership Keep up on security best practice and be a continuous learner. Guide and define our security practices and standards end-to-end, be recognized as a point of escalation and subject matter expert for IT Risk and Cyber domains.
  • Work together We work together with product and engineering, we help to solve problems and not just calling out issues, We also operate within a larger business and align with the wider security function across JPMC.
  • Ensure we are deploying products into a secure environment, aligning with the FIRM control requirements, supporting on-going business-as-usual, vulnerability management, internal security consultancy, audit and regulatory engagements, risk activities and project initiatives. Work closely with Third Party Oversight teams to ensure effective technology risk management, with a focus on Cloud computing / emerging technologies.


Required qualifications, capabilities and skills

  • Formal training or certification on security engineering concepts and applied experience
  • Extensive experience in an engineering role with heavy focus on security.
  • Excellent knowledge of best-practices for securing Micro-service architectures.
  • Excellent knowledge of securing Kubernetes environments.
  • Excellent knowledge of methods for authentication, authorization (ODIC, OAuth 2, FIDO 2 .etc..)
  • Excellent knowledge of modern SDLC practices with a focus on embedding security into CI/CD pipelines.
  • Excellent knowledge of all of the above concepts in the context of at least one (ideally more!) public cloud provider (AWS,GCP,Azure)
  • A desire to teach others and share knowledge. We aren't looking for hero engineers, we look for team players. We want you to coach other team members on security coding practices, design principles, and implementation patterns.
  • Comfortable in uncharted waters. We are building something new. Things change quickly. We need you to learn technologies and patterns quickly.
  • Ability to see the long term. We don't want you to sacrifice the future for the present. We want you to choose technologies and approaches based on the end goals.
  • Clarity of thought. We operate quickly and efficiently, and we value people who are economical with their time and clear with their opinions.


Preferred qualifications, capabilities and skills

  • Understanding of applied cryptography - symmetric/asymmetric cryptography, Certificate management.
  • Knowledge of offensive security, Application and Infrastructure penetration testing (OWASP top 10, OWASP ASVS)
  • Understanding of security vulnerabilities and remediation options in codebases (Java/Kotlin/etc) & containers
  • Excellent knowledge of security/identity SaaS vendors (Auth0, Forgerock, Keycloak)


#ICBcareer #ICBEngineering
About Us
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
About the Team
Our Corporate Technology team relies on smart, driven people like you to develop applications and provide tech support for all our corporate functions across our network. Your efforts will touch lives all over the financial spectrum and across all our divisions: Global Finance, Corporate Treasury, Risk Management, Human Resources, Compliance, Legal, and within the Corporate Administrative Office. You'll be part of a team specifically built to meet and exceed our evolving technology needs, as well as our technology controls agenda.

Top Skills

Java
Kotlin

JPMorganChase London, England Office

25 Bank Street, Canary Wharf, London, United Kingdom, E14 5JP

Similar Jobs at JPMorganChase

Be an Early Applicant
2 Days Ago
London, Greater London, England, GBR
Hybrid
289,097 Employees
Senior level
289,097 Employees
Senior level
Financial Services
As a Senior Incident Response Analyst, you will enhance cybersecurity by conducting threat analysis and incident response. Responsibilities include monitoring security infrastructure, conducting in-depth investigations, developing threat detection playbooks, and collaborating with teams on security strategies. Your work will impact the organization's ability to protect data assets and maintain security integrity.
Be an Early Applicant
4 Days Ago
Bournemouth, Dorset, England, GBR
Hybrid
289,097 Employees
Mid level
289,097 Employees
Mid level
Financial Services
The Technology Support III role involves ensuring the operational stability of application flows, troubleshooting and resolving production issues, analyzing trends and incidents, and collaborating across business and technology teams to enhance processes in a large-scale tech environment.
Be an Early Applicant
4 Days Ago
London, Greater London, England, GBR
Hybrid
289,097 Employees
Senior level
289,097 Employees
Senior level
Financial Services
As a Web Application Product Security Lead, you'll enhance security across web applications in consumer banking, provide technical guidance, automate vulnerability detection processes, and collaborate with development teams to mitigate risks while defining best practices.

What you need to know about the London Tech Scene

London isn't just a hub for established businesses; it's also a nursery for innovation. Boasting one of the most recognized fintech ecosystems in Europe, attracting billions in investments each year, London's success has made it a go-to destination for startups looking to make their mark. Top U.K. companies like Hoptin, Moneybox and Marshmallow have already made the city their base — yet fintech is just the beginning. From healthtech to renewable energy to cybersecurity and beyond, the city's startups are breaking new ground across a range of industries.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account