Security Lead Software Engineer

Job Description
Originating from Chase in 2021, we are a team dedicated to creating customer-centric products. Our success relies on collaboration, curiosity, and commitment, nurtured in an environment promoting skill development.
As a Lead Security Engineer at JPMorgan Chase within the accelerator program, you are the heart of this venture, focused on getting smart ideas into the hands of our customers. You have a curious mindset, thrive in collaborative squads, and are passionate about new technology. By your nature, you are also solution-oriented, commercially savvy and have a head for fintech. You thrive in working in tribes and squads that focus on specific products and projects - and depending on your strengths and interests, you'll have the opportunity to move between them.
While we're looking for professional skills, culture is just as important to us. We understand that everyone's unique - and that diversity of thought, experience and background is what makes a good team, great. By bringing people with different points of view together, we can represent everyone and truly reflect the communities we serve. This way, there's scope for you to make a huge difference - on us as a company, and on our clients and business partners around the world.
Job responsibilities

• Cultivate security culture Working with Product and Engineering colleagues, be the security champion that strives to prioritize sustainable controls and driving real risk reduction outcomes.
• Build secure products ensure security is considered throughout the Product and Software Development Life Cycle. Provide security best practice, build security design patterns, complete security architecture reviews, threat models and risk assessments. Help solve engineering problems by implementing technical controls to mitigate risk.
• Ensure security thought leadership Keep up on security best practice and be a continuous learner. Guide and define our security practices and standards end-to-end, be recognized as a point of escalation and subject matter expert for IT Risk and Cyber domains.
• Work together We work together with product and engineering, we help to solve problems and not just calling out issues, We also operate within a larger business and align with the wider security function across JPMC.
• Ensure we are deploying products into a secure environment, aligning with the FIRM control requirements, supporting on-going business-as-usual, vulnerability management, internal security consultancy, audit and regulatory engagements, risk activities and project initiatives. Work closely with Third Party Oversight teams to ensure effective technology risk management, with a focus on Cloud computing / emerging technologies.

Required qualifications, capabilities and skills

• Formal training or certification on security engineering concepts and applied experience
• Extensive experience in an engineering role with heavy focus on security.
• Excellent knowledge of best-practices for securing Micro-service architectures.
• Excellent knowledge of securing Kubernetes environments.
• Excellent knowledge of methods for authentication, authorization (ODIC, OAuth 2, FIDO 2 .etc..)
• Excellent knowledge of modern SDLC practices with a focus on embedding security into CI/CD pipelines.
• Excellent knowledge of all of the above concepts in the context of at least one (ideally more!) public cloud provider (AWS,GCP,Azure)
• A desire to teach others and share knowledge. We aren't looking for hero engineers, we look for team players. We want you to coach other team members on security coding practices, design principles, and implementation patterns.
• Comfortable in uncharted waters. We are building something new. Things change quickly. We need you to learn technologies and patterns quickly.
• Ability to see the long term. We don't want you to sacrifice the future for the present. We want you to choose technologies and approaches based on the end goals.
• Clarity of thought. We operate quickly and efficiently, and we value people who are economical with their time and clear with their opinions.

Preferred qualifications, capabilities and skills

• Understanding of applied cryptography - symmetric/asymmetric cryptography, Certificate management.
• Knowledge of offensive security, Application and Infrastructure penetration testing (OWASP top 10, OWASP ASVS)
• Understanding of security vulnerabilities and remediation options in codebases (Java/Kotlin/etc) & containers
• Excellent knowledge of security/identity SaaS vendors (Auth0, Forgerock, Keycloak)

#ICBcareer #ICBEngineering
About Us
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
About the Team
Our Corporate Technology team relies on smart, driven people like you to develop applications and provide tech support for all our corporate functions across our network. Your efforts will touch lives all over the financial spectrum and across all our divisions: Global Finance, Corporate Treasury, Risk Management, Human Resources, Compliance, Legal, and within the Corporate Administrative Office. You'll be part of a team specifically built to meet and exceed our evolving technology needs, as well as our technology controls agenda.