JPMorgan Lead Security Engineer - Cryptography 

United States, California, Palo Alto 

551314174

As a Lead Security Engineer- Cryptography you will help leverage innovative cryptography at JPMorgan Chase. As a member of
the Emerging Technologies Securitygroup within the Cybersecurity & Technology Controls organization, you will work alongside cryptographers and a group of passionate security engineers to solve complex security problems and support the deployment of cryptography-based solutions.

The position requires extensive software development experience and strong industry experience in combining cryptography and security best-practices to secure complex IT infrastructure, customer-facing services, and sensitive customer and enterprise data.

Job responsibilities

• Assess existing cryptographic libraries
• Evaluate existing crypto-agile approaches and tools - help define and implement JPMC-centric solutions
• Define and develop tools or libraries for cryptography services
• Review architecture document for security services
• Assist with performance impact assessment of post-quantum cryptography implementations
• Conduct source code security review
• Communicate ongoing work with other teams or organizations
• Collaborate with cryptographers on specific topics

Required qualifications, capabilities, and skills

• Formal training or certification on security engineering concepts and 5+ years applied experience
• Solid track record of using cryptography software frameworks including, but not limited to, Java JCA and/or Bouncy Castle
• Strong understanding in applying mainstream cryptographic primitives, including digital signatures, public-key ciphers, block ciphers
• Strong understanding of network security protocols (TLS, SSH, IPsec etc.)
• Strong track record in software development, with experience working with tools like Github, Junit, Maven, Jenkins, CI/CD
• Proficiency in Java. Other programming languages like Go, C/C++, Python, C#, JavaScript or shell scripting good to have
• Good knowledge of public key infrastructure (PKI) and digital certificates (e.g., X.509)
• Security solution development utilizing cryptographic agility principles
• Ability to convey complex concepts and ideas in a clear and concise manner to a wide range of audience
• Proven track record in working with diverse teams to achieve goals
• Driving enterprise-wide transformative security technology initiatives

Preferred qualifications, capabilities, and skills

• Familiarity with upcoming NIST post-quantum cryptography standards and related migration efforts
• Basic knowledge on cryptanalysis, crypto system threat modeling and analysis
• NIST key management best practices
• Technology security certifications, e.g., FIPS 140-2/3, Common Criteria, PCI
• AWS, Docker
• Engineering and managing cryptographic systems for enterprise applications and infrastructure
• MS or BS in computer science, preferably with a focus on security and/or cryptography