As a Cloud Resiliency Testing Engineer within the Firmwide Technology Resiliency organization, you will be responsible for partnering with various teams across the firm to develop real-life scenarios and appropriate solutions where gaps exist. You will ensure that resiliency is designed across the life cycle of both infrastructure technology and applications, thereby promoting the timely and successful execution of the firm-wide Recovery and Resiliency strategy within the Cloud and Cyber Testing arenas.
The Firmwide Technology Resiliency organization is tasked with ensuring the Firm’s technology estate can maintain effective operations and support the ongoing, critical functioning of Essential Business Services in the face of today’s evolving threat landscape. The Firmwide Technology Resiliency team partners across all JPMC Lines of Business and Corporate Functions to drive & deliver the following:
- Proactive, threat-informed testing, simulations, & assessments that validate readiness and drive down residual risk.
- An end-to-end technology resiliency control framework linked to robust governance & reporting structures to ensure appropriate visibility and accountability.
- A multi-year, prioritized resiliency investment strategy focused on uplifting core tooling, capabilities, and controls to enable the Firm’s top strategic priorities across key areas such as Public Cloud, Technology Modernization, AI/ML, and ongoing business expansion (among others).
- Proactive threat and vulnerability analyses that ensure the above activities are grounded in the current risk landscape and most plausible disruptive scenarios.
Job responsibilities
- Providing vision and execution of modernize firm-wide test events
- Acting as the focal point for deploying new testing paradigms across multiple LOBs and all individual groups within Technology (e.g., desktop services, network services, distributed technology, data centers, production services, and risk and security) and their respective organizational technology continuity plan responsibilities.
- Work closely with Line of Business architects and Infrastructure Product technologists to develop resilient architectures, design patterns and solutions that cover the Firm’s primary Plausible Disruptive Event scenarios
- Partner with the Firmwide Simulation Utility (FSU), the Firmwide Business Resiliency (FBR), and Infrastructure and Application development teams to develop new testing scenarios and capabilities
- Provide key SME leadership across the technology organization on resiliency programs and initiatives
- Provide guidance and oversight in the development and implementation of resiliency controls to provide continuous monitoring of the Firm’s capability to recover from a disruptive event
- Ensure that recovery playbooks are clearly defined, documented, communicated, adhered to, are audit compliant, and support associated application and business recovery objectives
Required qualifications, capabilities, and skills
- Formal training or certification on software engineering concepts and 5+ years applied experience
- Hands-on technical depth in at least one or more of the following types of roles, Infrastructure and/or Application engineering architecture or SRE with both Private and Public Cloud
- Hands-on experience including Design, Assessment, Pattern development, and End-to-End Solution Design.
- Knowledge of network architecture concepts, including topology, protocols, components, principles, fault domains and failure modes
- Current understanding of latest cyber threats, attacking techniques and mitigating strategies
- Knowledge of software-related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, implicitly / minimization...)
- Familiarity with Infrastructure as Code (IaC) principles and tooling (i.e. Terraform)
- Skilled in conducting application and infrastructure design reviews/assessment and recognizing weaknesses vulnerabilities in systems
- Experience in disaster and/or cyber recovery planning and testing
- Proven ability to build strong, cohesive partnerships with the business, operations, technology & other key stakeholders, including external vendor partners
Preferred qualifications, capabilities, and skills
- Experience working with external auditors and regulators. Prior experience maintaining regulatory & financial industry engagement to support the strengthening of sector-level resiliency & readiness.
- Experience in one or more programming languages (C/C++, Java, Python, etc.)
- Accreditation/Certifications:
- AWS Certified Practitioner/Cloud Engineer/Software Development Engineer/Cloud Security Engineer/Cloud Security Architect/Application Architect
- Google Certified Professional Cloud Security Engineer and/or Microsoft Certified: Azure Security Engineer Associate
- Certified Kubernetes Security Specialist (CKS)
- CISSP