Product Security Lead Software Engineer
Product Security Lead Software Engineer
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Originating from Chase in 2021 we are a team dedicated to creating customercentric products. Our success relies on collaboration curiosity and commitment nurtured in an environment promoting skill development.
As a Lead Security Engineer at JPMorgan Chase within the accelerator program you are the heart of this venture focused on getting smart ideas into the hands of our customers. You have a curious mindset thrive in collaborative squads and are passionate about new technology. By your nature you are also solutionoriented commercially savvy and have a head for fintech. You thrive in working in tribes and squads that focus on specific products and projects and depending on your strengths and interests youll have the opportunity to move between them.
While were looking for professional skills culture is just as important to us. We understand that everyones unique and that diversity of thought experience and background is what makes a good team great. By bringing people with different points of view together we can represent everyone and truly reflect the communities we serve. This way theres scope for you to make a huge difference on us as a company and on our clients and business partners around the world.
Job responsibilities
- Cultivate security cultureWorking with Product and Engineering colleagues be the security champion that strives to prioritize sustainable controls and driving real risk reduction outcomes.
- Build secure productsensure security is considered throughout the Product and Software Development Life Cycle. Provide security best practice build security design patterns complete security architecture reviews threat models and risk assessments. Help solve engineering problems by implementing technical controls to mitigate risk.
- Ensure security thought leadershipKeep up on security best practice and be a continuous learner. Guide and define our security practices and standards endtoend be recognized as a point of escalation and subject matter expert for IT Risk and Cyber domains.
- Work together We work together with product and engineering we help to solve problems and not just calling out issues We also operate within a larger business and align with the wider security function across JPMC.
- Ensure we are deploying products into a secure environment aligning with the FIRM control requirements supporting ongoing businessasusual vulnerability management internal security consultancy audit and regulatory engagements risk activities and project initiatives. Work closely with Third Party Oversight teams to ensure effective technology risk management with a focus on Cloud computing / emerging technologies.
Required qualifications capabilities and skills
- Formal training or certification on security engineering concepts and applied experience
- Extensive experience in an engineering role with heavy focus on security.
- Excellent knowledge of bestpractices for securing Microservice architectures.
- Excellent knowledge of securing Kubernetes environments.
- Excellent knowledge of methods for authentication authorization (ODIC OAuth 2 FIDO 2 .etc..
- Excellent knowledge of modern SDLC practices with a focus on embedding security into CI/CD pipelines.
- Excellent knowledge of all of the above concepts in the context of at least one (ideally more! public cloud provider (AWSGCPAzure)
- A desire to teach others and share knowledge. We arent looking for hero engineerswe look for team want you to coach other team members on security coding practices design principles and implementation patterns.
- Comfortable in uncharted waters. We are building something new. Things change quickly. We need you to learn technologies and patterns quickly.
- Ability to see the long term. We dont want you to sacrifice the future for the present. We want you to choose technologies and approaches based on the end goals.
- Clarity of thought. We operate quickly and efficiently and we value people who are economical with their time and clear with their opinions.
Preferred qualifications capabilities and skills
- Understanding of applied cryptography symmetric/asymmetric cryptography Certificate management.
- Knowledge of offensive security Application and Infrastructure penetration testing (OWASP top 10 OWASP ASVS)
- Understanding of security vulnerabilities and remediation options in codebases (Java/Kotlin/etc) & containers
- Excellent knowledge of security/identity SaaS vendors (Auth0 Forgerock Keycloak)
#ICBCareer #ICBEngineering
Employment Type
Full-Time
