As a Lead Security Engineer at JPMorgan Chase within the Cyber Security and Tech Controls, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions.
Job responsibilities
- Manage the creation and maintenance of Governance & Control and Assessment's breaks and remedies to keep them evergreen and ensure alignment with industry leading practices and regulatory requirements
- Drive a risk mitigating culture to proactively identify, assess, and manage inherent risks within technology and services .Communicate risk and control management reports to key stakeholders on a timely basis
- Provide leadership and advice on material remediation activities, ensuring appropriate resolution of issues, action plans, breaks and remedies and support the closure verification process
- Leverage data analytics, conduct trend analysis to identify thematic issues, determine root causes, and design sustainable control improvements with Product, Technology & Architecture teams, including process enhancements and use of automated data collection techniques. Facilitate SDLC pre-implementation control design reviews
- Executes standard security solutions in accordance with existing playbooks to satisfy security requirements for internal clients (e.g., product, platform, and application owners)
- Applies specialized tools (e.g., vulnerability scanner) to analyze and correlate incident data to identify, interpret, and summarize probability and impact of threats when determining specific vulnerabilities . Supports delivery of continuity-related awareness, training, educational activities, and exercises
Required qualifications, capabilities, and skills
- Formal training or certification on security engineering concepts and 5+ years applied experience.
- Basic experience developing security engineering solutions
- Able to contribute to in-depth analysis of vulnerabilities, threats, designs, procedures and architectural design with focus on recommendations for enhancements or remediation
- Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization
- Detail oriented self-starter with strong conceptual, analytical, decision making, planning, time management and prioritization skills
- Experience across the whole Software Development Life Cycle . Exposure to agile methodologies such as CI/CD, application resiliency, and security
- Working knowledge of information and network security, IT risk management, and architectural concepts and patterns
- Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity
Preferred qualifications, capabilities, and skills
- Knowledge of controls associated with the key infrastructure capabilities, such as but not limited to:
- Network perimeters and firewall security configuration
- System hardening standards and configuration monitoring
- Remote and local network access management
- Authentication and Authorization protocols and implementations