JPMorgan Lead Security Engineer - Vulnerability Management 

United States, Ohio 

613693692

Job responsibilities

• Deploy, configure, and manage vulnerability scanning tools to ensure comprehensive security assessments across on-premise and cloud environments.
• Develop and maintain firewall rules and access requests to facilitate secure and efficient scanning operations.
• Execute creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems.
• Develop secure and high-quality scripts and automation tools to enhance the efficiency and effectiveness of vulnerability scanning processes.
• Minimize security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls.
• Work with stakeholders and business leaders to understand security needs and recommend business modifications to the vulnerability management program.
• Add to team culture of diversity, equity, inclusion, and respect.

Required qualifications, capabilities, and skills

• Formal training or certification on software engineering concepts and 5+ years applied experience developing security engineering solutions.
• Experience with deploying, configuring, and managing vulnerability scanning tools in both on-premise and cloud environments.
• Strong networking skills, including knowledge of firewall configurations and network protocols.
• Experience with automation tools and frameworks to streamline vulnerability management processes.
• Proficient in all aspects of the Software Development Life Cycle
• Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security.
• Experience with threat modeling, discovery, vulnerability, and penetration testing.
• Skilled in planning, designing, and implementing enterprise-level security solutions.

Preferred qualifications, capabilities, and skills

• Experience effectively communicating with senior business leaders.Familiarity with both on-premise and cloud-based security architectures.
• Experience with security compliance frameworks and standards, such as PCI-DSS, ISO 27001, and NIST.
• Strong understanding of network security principles and practices.
• Knowledge of secure coding practices and secure software development lifecycle (SDLC). Ability to work collaboratively in a team environment and contribute to a culture of diversity, equity, inclusion, and respect.
• Certifications such as CISSP, CEH, or GIAC are a plus.