JPMorgan Sr Lead Security Engineer - Vulnerability Management 

United States, Ohio 

209952085

Job responsibilities

• Develop and maintain secure data pipelines to ingest, process, and analyze security data from vulnerability scanners and data platforms
• Design and develop high-quality code and automation tools using Python and Java to enhance the efficiency and effectiveness of security operations
• Collaborate with security engineers and architects to integrate security data and automation solutions into existing security infrastructure and processes
• Work with stakeholders and business leaders to understand security needs and recommend data-drive enhancements to the vulnerability assessments program
• Minimize security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls
• Adds to team culture of diversity, equity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal training or certification on software engineering concepts and 5+ years applied experience developing security engineering solutions.
• Skilled in planning, designing, and implementing enterprise-level security solutions
• Advanced in one or more programming languages - Python
• Advanced knowledge of software application development and technical processes with considerable in-depth knowledge in one or more technical disciplines (e.g., cloud, artificial intelligence, machine learning, mobile, etc.)
• Experience leading and managing technology projects
• Extensive experience with threat modeling, discovery, vulnerability, and penetration testing
• Ability to tackle design and functionality problems independently with little to no oversight
• Practical cloud native experience (AWS, GCP, Azure)

Preferred qualifications, capabilities, and skills

• Experience with security compliance frameworks and standards, such as PCI-DSS, ISO 27001, and NIST.
• Strong understanding of network security principles and practices.
• Proficiency with relational and NoSQL databases, with experience in data manipulation, query optimization, and database security
• Knowledge of secure coding practices and secure software development lifecycle (SDLC).
• Certifications such as CISSP, CEH, or GIAC are a plus.