Job Description Responsibilities
Driven by a DevSecOps culture, this position is a highly technical role responsible for the secure design and implementation of base-computing products across JPMC environments. Responsibilities include:

• Defining customer use cases and requirements,
• Designing and prototyping endpoint security solutions,
• Designing and building security tools integrated with the CICD pipeline
• Educating stakeholders on best practices and standards.
• Be a security expert and effectively communicate information to technical and non-technical team members.
• Working with architecture, product and engineering teams ensuring security is at the heart of what we do
• Actively provide technical leadership to more junior members of the security team
• Respond to security alerts requirements
• Work independently with developers, product owners, and other domains to ensure secure design, development, and implementation of compute
• Collaborating with peers to define software/infrastructure guardrails and security abstractions
• Engineering solutions that enable teams to self-serve on meaningful security metrics leading to faster, safer production environments
• Building out a best-in-breed security pipeline for real time event monitoring and response
• Testing and deploying security solutions that integrate seamlessly into the compute stack to defend, detect, and respond to security threats.
• Recognize security needs and recommend suitable technologies and controls
• Lean in to any challenge, even if not directly relevant to core competencies

Education

• Bachelor's degree in Computer Science, Information Systems, Engineering or related field is required.
• Relevant industry recognized technical and/or security certifications are preferred.

Experience

• 7+ years of hands-on experience in working with engineering teams on design and implementation of security best practices in architecture and code.
• 5+ years of experience working with product security teams to drive engineering remediation to externally identified threats and vulnerabilities.
• 5+ years of experience in security practices, or others) OR an equivalent combination of education, training, and experience.
• 3+ years' hands-on experience with AWS, Google and Microsoft IaaS, PaaS products
• 5+ years of experience with any combination of at least 3 technical disciplines, including the following: vulnerability management, cloud security, network security, application security, identity and access management, and systems engineering.
• 3+ years of practical experience in information security and industry or government certifications and compliance.
• 3+ years of experience with creating threat models of system designs and implementation-how they scale, how they should fit together, and working with teams to identify and remediate potential security gaps.
• Experience in partnering with product and program management teams.
• Experience in the use of Agile software development
• Experience in the integration of security enabled in DevOps (DevSecOps)

Knowledge, Skills, Abilities

• Excellent written and oral communication skills.
• Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences.
• Strong technical skills as they apply to cloud infrastructure and platforms
• A strong foundation in and an in-depth technical knowledge of infrastructure and platform security, particularly virtualization products.
• Strong Virtualization Experience - design, implement, manage, and troubleshoot
• Ability to analyze and solve complex problems
• Strong attention to detail, organizational skills
• Strong understanding of regulatory requirements
• Strong, demonstrable experience with real-time operating systems is preferred
• Strong understanding of Vulnerability detection and management
• Strong understanding of Vulnerability remediation tools and practices,
• Demonstrable development/scripting/automation experience in at least one of Java, Python, Go, Powershell.
• Well versed in security controls integration to defend, detect, and respond to threats against compute infrastructure/platforms,
• Deep understanding of how to connect new and changing threats to cloud computing portfolio to create mitigating or compensating activities.
• Demonstrable experience engineering security products relevant to the following security disciplines: Identity & Access Management, Endpoint Security (AV/EDR), Data Protection, Infrastructure (Hardware and Software) Security, is a must.
• Proficient in one or more programming/scripting languages (some examples Java, C++, Python, Go, Powershell)
• Understanding MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
• Meets/exceeds JPMorgan's functional/technical depth and complexity for this role.

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls, and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable, and resilient. The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls, and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable, and resilient.
When you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 14 technology hubs worldwide, our team of 50,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans
About the Team Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.