JPMorgan Security Engineer II 

United States, Texas, Plano 

455050225

This role is within the CTC Product Security team aligned to the Cloud Services Enablement spanning across multiple public cloud providers. Your responsibility will be to ensure that Public Cloud is adopted in a secure and compliant manner. You will play an important role in identifying and managing risk related issues and actions with respective technology. You will have an eye for detail and an ability to see the big picture across security issues.

Job responsibilities

• Executes standard security solutions in accordance with existing playbooks to satisfy security requirements for internal clients (e.g., product, platform, and application owners)
• Writes secure and high-quality code using the syntax of at least one programming language with limited guidance.
• Applies specialized tools (e.g., vulnerability scanner) to analyze and correlate incident data to identify, interpret, and summarize probability and impact of threats when determining specific vulnerabilities.
• Supports delivery of continuity-related awareness, training, educational activities, and exercises
• Adds to team culture of diversity, equity, inclusion, and respect.
• Deliver risk-based assessments of secure technology controls relating to cloud services, cloud platforms and architectural components.
• Perform security reviews of infrastructure-as-code for cloud platform enhancements.
• Support business technology teams to understand control requirements and associated scope dependent on cloud architecture.
• Interface with wider CTC teams ensuring platform integration with security operations, threat intelligence, IAM and network security.

Required qualifications, capabilities, and skills

• Formal training or certification on security engineering concepts and 2+ years applied experience.
• Basic experience developing security engineering solutions.
• Demonstrable ability to code in one or more languages
• Experience across the whole Software Development Life Cycle
• Exposure to agile methodologies such as CI/CD, application resiliency, and security
• Working knowledge of information and network security, IT risk management, and architectural concepts and patterns

Preferred qualifications, capabilities, and skills

• A keen desire to learn how new technologies operate and how to secure them.
• Work independently, collaborate within a team, comfortable in a virtual environment, self-disciplined, self-managed, self-motivated, and strong sense of ownership, urgency, and drive.
• Proficient verbal and written communication skills, including the ability to effectively participate in discussions and meetings with internal management, external / internal audit, peer groups, regulators, and senior stakeholders.
• Ability to interact within a cross Line of Business technology organization, empower people, build rapport, garnering respect.
• Willingness to understand technology processes such as resiliency, disaster recovery management, performance and capacity management required specific to the public cloud.
• Certifications in AWS, Azure, Google, security certifications, CCSP, CISA, CISSP, CISM or other information security certifications would be a significant advantage.
• Hands on experience of developing and/or architecting within a Public Cloud environment would be a significant advantage.