Job responsibilities
- Engages (hands-on) in managing endpoint security for the entire JPMC's server estate which powers some of the most innovative business applications in the financial industry globally
- Utilizes a deep understanding of the threat landscape and risk to build security into products and new features
- Partners with and advise engineering, product, and risk teams on security best practices and help shape the endpoint security strategy for the firm
- Works with vendors to escalate problems and receive timely resolutions
- Enables product strategy and keep the firm safe by analyzing complex data systems, anticipating problems, and finding ways to mitigate risk
- Engages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs
- Defines the technical target state of their cybersecurity product and drives achievement of the strategy
- Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall cybersecurity of software applications and systems
- Leads evaluation sessions with external vendors, startups, and internal teams to drive continuous improvement and assess cybersecurity design and technical credentials for use in existing systems and architecture
- Leads communities of practice to drive awareness and use of new and leading-edge cybersecurity technologies
- Adds to team culture of diversity, equity, inclusion, and respect
Required qualifications, capabilities, and skills
- Formal training or certification on cybersecurity architecture concepts and 5+ years applied experience
- Solid experience in managing endpoint security in enterprise environments (Managing Anti-Virus, EDR, Creating and reviewing hardening baselines for Windows, Mac OS and Red Hat Linux servers, configuration drift management)
- Good understanding of industry frameworks like MITRE ATT&CK, NIST, CIS etc.
- Hands-on experience with infrastructure attacks, including familiarity with red teaming techniques, tradecrafts and tools.
- Ability to make informed decisions related to risks, exclusions and assess scenarios from an attack-centric approach
- Demonstrable development/scripting/automation experience in at least one of Java, Python, Go, PowerShell
- Ability to lead and drive meetings with global teams when there is a need
- Hands-on practical experience delivering enterprise-level cybersecurity solutions and controls
- Proficiency in automation and continuous delivery methods
- Practical cloud native experience
- Experience effectively communicating with senior business leaders
Preferred qualifications, capabilities, and skills
- Offensive Security skills such as Penetration Testing and/or Security certifications from reputed bodies
- Knowledge in public cloud environments such as AWS and any relevant certifications
- Prior experience in Threat Modeling
- Experience with usage of SIEM tools
- Thorough knowledge of network protocols
- Willingness to learn and drive to excel