Cybersecurity Engineering & Architecture - Central OH ISSA Conference

JPMC Security Engineers/Architectsdesign and build technology controls for software systems to ensure controls become an integral part of the systems operational capabilities. The primary goal is to implement software solutions that satisfy predefined functional and user requirements with the added dimension of preventing or discovering misuse circumvention malicious behavior and system weaknesses. Constraints and restrictions are asserted as a security policy implemented in software and evidenced in tamperproof audit defensible methods. Security engineers balance the security outcomes of their systems with the user friction/toil to ensure scale and sustainability are met while meaningfully reducing risk.

As a Security Engineer/Architect at JPMorgan Chase within the Cybersecurity & Technology Controls organization youare an integral part of an agile team that works to deliver software solutions that satisfy predefined functional and user requirements with the added dimension of preventing misuse circumvention and malicious behavior. Drive significant business impact through your capabilities and contributions and apply deep technical expertise and problemsolving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains.

Job responsibilities

• Executes creative security solutions design development and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems
• Develops secure and highquality production code
• Reviews and debugs code written by others
• Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols including creating processes to determine the effectiveness of current controls
• Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability
• Regularly provides technical guidance and direction to support the business and its technical teams contractors and vendors
• Actively contributes to the engineering community as an advocate of firm wide frameworks tools and practices of the Software Development Life Cycle

Required qualifications capabilities and skills

• Formal training or certification on software engineering/architecture concepts
• Applied experience in planning designingand implementing enterpriselevel security solutions
• Fluent understanding of the Software Development Life Cycle (SDLC).
• Advanced capabilities in one or more programming/scripting languages (e.g. Java Python C/C etc.)
• Experience in planning designingand implementing enterpriselevel security solutions
• Practical cybersecurity experience in one or more of the following technology disciplines to include AI/ML Application Development Cloud Infrastructure Mobile Offensive Security (Pen Testing Red Teaming etc.) and Vulnerability Management among others.
• Understanding of agile methodologies such as CI/CD Application Resiliency and Security
• Practical cloud nativeexperience (i.e. AWS Azure and/or GCP)

Preferred qualifications capabilities and skills

• Experience with web API and microservices technologies (Web applications Web Services Service Oriented Architectures)
• Experience with Infrastructure as Code (IaC) utilizing tools such as Terraform.
• Experience withThreat Modeling(i.e. STRIDE MITRE VAST DREAD IriusRisk PASTA etc.)
• Experience with Vendor Product Management/Services/Tooling
• Accreditation/Certifications:
  • AWS Practitioner; Cloud Engineer; Software Development Engineer; Cloud Security Engineer; Cloud Security Architect; Application Architect
  • Offensive Security OSCP; OSWP; OSCE; OSEE; OSWE; OSEP; CEH