JPMorgan Senior Lead Security Engineer - Cloud 

United States, Ohio, Columbus 

729746127

Job responsibilities

• Support the execution and enhancement of a long term information risk and control strategy designed to keep the information assets of the public cloud secure.
• Lead cloud infrastructure platform security review and threat modelling, including code reviews
• Deliver risk based assessments of secure technology controls relating to cloud services, cloud platforms and architectural components.
• Support business technology teams to understand firm control requirements and implementations across a broad range of cloud architectures.
• Contribute to documentation and agile processes in support of security programs.
• Interface with wider CTC teams ensuring platform integration with security operations, threat intelligence, IAM and network security.
• Facilitates security requirements clarification for multiple networks to enable multi-level security to satisfy organizational needs
• Works with stakeholders and senior business leaders to recommend business modifications during periods of vulnerability
• Be responsible for triaging based on risk assessments of various threats and managing resources to cover impact of disruptive events
• Adds to team culture of diversity, equity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal training or certification on security engineering concepts and 5+ years applied experience developing, engineering or architecting within a public cloud environment.
• Skilled in planning, designing, and implementing enterprise-level security solutions
• Experience following agile practices like Test Driven Development (TDD) and Behavior Driven Development(BDD)
• Experience engineering with Terraform or infrastructure-as-code and Understanding of DevOps or CI/CD concepts
• Advanced in one or more programming languages
• Advanced knowledge of software application development and technical processes with considerable in-depth knowledge in one or more technical disciplines (e.g., cloud, artificial intelligence, machine learning, mobile, etc.)
• Ability to tackle design and functionality problems independently with little to no oversight
• Practical cloud native experience (i.e. AWS, Azure and/or GCP)
• Eagerness to collaborate in a team, and comfortable in both virtual and office environments
• Self-disciplined, self-managed, self-motivated and strong sense of ownership, urgency, and drive
• Proficient verbal and written communication skills, including the ability to effectively participate in discussions and meetings with internal management, peer groups, regulators and senior stakeholders

Preferred qualifications, capabilities, and skills

• Leadership experience would be advantageous
• Extensive experience with threat modeling, discovery, vulnerability, and penetration testing
• Familiarity with Cloud Security Posture Management (CSPM) products (i.e. Wiz, Prisma Cloud, CloudGuard, Orca Security, CrowdStrike Falcon Cloud Security, MS Defender…)
• Accreditation/Certifications:
  • AWS Certified Practitioner/Cloud Engineer/Software Development Engineer/Cloud Security Engineer/Cloud Security Architect/Application Architect
  • Google Certified Professional Cloud Security Engineer and/or Microsoft Certified: Azure Security Engineer Associate
  • CISSP