Cybersecurity Engineering & Architecture - Central OH ISSA Conference

JPMC Security Engineers/Architects design and build technology controls for software systems to ensure controls become an integral part of the system’s operational capabilities. The primary goal is to implement software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing or discovering misuse, circumvention, malicious behavior, and system weaknesses. Constraints and restrictions are asserted as a security policy, implemented in software, and evidenced in tamper-proof, audit defensible methods. Security engineers balance the security outcomes of their systems with the user friction/toil to ensure scale and sustainability are met while meaningfully reducing risk.

As a Security Engineer/Architect at JPMorgan Chase within the Cybersecurity & Technology Controls organization, you are an integral part of an agile team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. Drive significant business impact through your capabilities and contributions and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains.

Job responsibilities

• Executes creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems
• Develops secure and high-quality production code 
• Reviews and debugs code written by others
• Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls
• Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability
• Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors
• Actively contributes to the engineering community as an advocate of firm wide frameworks, tools, and practices of the Software Development Life Cycle 

Required qualifications, capabilities, and skills

• Formal training or certification on software engineering/architecture concepts 
• Applied experience in planning, designing, and implementing enterprise-level security solutions
• Fluent understanding of the Software Development Life Cycle (SDLC).
• Advanced capabilities in one or more programming/scripting  languages (e.g. Java, Python, C/C++, etc.)
• Experience in planning, designing, and implementing enterprise-level security solutions
• Practical cybersecurity experience in one or more of the following technology disciplines to include AI/ML, Application Development, Cloud, Infrastructure, Mobile, Offensive Security (Pen Testing, Red Teaming, etc.), and Vulnerability Management among others.
• Understanding of agile methodologies such as CI/CD, Application Resiliency, and Security
• Practical cloud native experience (i.e. AWS, Azure and/or GCP)

Preferred qualifications, capabilities and skills

• Experience with web, API and microservices technologies (Web applications, Web Services, Service Oriented Architectures)
• Experience with Infrastructure as Code (IaC) utilizing tools such as Terraform. 
• Experience with Threat Modeling (i.e., STRIDE, MITRE, VAST, DREAD, IriusRisk, PASTA, etc.)
• Experience with Vendor Product Management/Services/Tooling
• Accreditation/Certifications:
  • AWS – Practitioner; Cloud Engineer; Software Development Engineer; Cloud Security Engineer; Cloud Security Architect; Application Architect
  • Offensive Security – OSCP; OSWP; OSCE; OSEE; OSWE; OSEP; CEH