JPMorgan Chase
Hybrid

Policy / Infrastructure as Code Security Architect

Sorry, this job was removed at 6:11 p.m. (CST) on Monday, March 7, 2022
Find out who's hiring in Columbus, OH.
See all Cybersecurity + IT jobs in Columbus, OH
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.

Job Description As part of our Cybersecurity Architecture team, you will bring your experience with cloud services to create automated guardrails that ensure the firm is guided by automated policy as code that both enables and secures its enterprise systems. We want you and your experience delivering cloud-hosted solutions to lead the way and help the rest of the firm by architecting the right answers to its challenges.
Security Assurance is an internal JPMC startup, sponsored by the CISO of the firm, that will create a catalog of real-world security solutions to systemic issues. What does that mean? You'll work in a pod with two peers and partner with fellow security architects as well as ethical hackers and regulatory compliance teams to build secure and effective technology that implements desired control outcomes. Working in a pod allows three deep experts in different areas to create a balanced team that collaboratively delivers thoughtful and complete solutions.
Working as an Architect and prototyping engineer, your passion for technology and thirst for innovation will help shape the future of global digital commerce, now and for years to come. Every day, you'll bring critical day-to-day leadership and thinking to the table, working with teams of engineers, aligning cross-functional projects, ensuring that they're fiscally and technically within reason. You'll collaborate with internal teams and business leaders alike, creating strategically sound target state architectures and proving they work through lab prototypes and early implementations with our application teams.
Practically speaking we're looking for people with automation, infrastructure as code, SRE or equivalent experience building cloud-based computing, networking and data storage systems. You'll leverage your expertise in Amazon Web Services, Cloud Foundry, Kubernetes or Google Cloud Platform environments to create patterns and documentation explaining the requirements and rationale for the team's design, and as required directly usable code samples, development frameworks and automated deployment scripts. You'll collaborate with others in your pod, sharing your expertise and learning from your peers as you solve next-generation problems in policy design, distribution and execution.
You will help us craft solutions to examine the intersections between the set of rules and the set of events to understand what policies apply, identify and close policy gaps, and define desired outcomes when deviations are found. This includes real-world analysis of existing data sets, as well as what-if exercises and tabletop simulations to understand the impact of policy changes on existing and next-generation applications and infrastructure, and to evaluate control effectiveness across a cyber-attack-tree kill chain.
As a successful candidate, you will lead by example from the start, combining hands-on and influencing roles to build consensus for and adoption of your solutions and design approaches. You will design, write and test operational rules that reflect existing and proposed cybersecurity policy. You will bring to bear your broad understanding of how software is built and operates, and learn about how security controls intersect with operational concerns, to create rules that are sensible, robust, and reusable policies that make the best use of existing data sources to meet desired business outcomes.
This role requires a wide variety of strengths and capabilities, including:

  • BS/BA degree or equivalent experience
  • 5 years+ experience as a software engineer or architect working in a large enterprise environment working to automate and innovate technology.
  • 5+ years of progressive experience and technical depth in one (or more) of the following technology areas: Data Security, Infrastructure Security, Endpoint/Platform Security, Security Analytics, Automated configuration management, Automated application deployment, and Security testing or compliance frameworks
  • Hands-on experience in building prototypes or full products in cloud or container-based environments
  • Experience with Design Pattern-type approaches to development
  • Experience with one or more public cloud service and their respective security principles specifically - AWS, Google Cloud Platform (GCP) or Azure
  • Knowledge of container platforms specifically Kubernetes, Docker or Podman
  • Experience building & evangelizing architectural frameworks utilizing APIs for general purpose adoption
  • Self-starter, able to navigate ambiguity and build relationships across the firm
  • Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals
  • Understanding of industry-wide technology strategies and best practices
  • Fluency in architecture and design across all systems


Desirable technology skills include:

  • Dependency / Package management
  • Languages - Java, Python, React, Angular, .C#/, Prolog, Scheme
  • Automation - Jenkins, Spinnaker, Terraform
  • Cyber attack tree / kill chain analysis
  • Executable rule languages such as Drools, Rego, or similar
  • Tabletop exercises / adversary attack scenario analysis


About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Full vaccination is a requirement for this role for new hires joining JPMorgan Chase. Additional requirements include sharing information including your vaccine card in the firm's vaccine record tool and may include mask wearing and social distancing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Note: The requirement to be fully vaccinated to be hired for this role does not apply to roles with a work location in Arkansas, Florida, Iowa, Montana, and Tennessee. For applicants to these roles, JPMorgan Chase will consider all qualified applicants regardless of vaccination status, due to state and local laws.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

See More
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

What are JPMorgan Chase Perks + Benefits

Culture
Volunteer in local community
Partners with nonprofits
Diversity
Diversity employee resource groups
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Wellness programs
Mental health benefits
Financial & Retirement
401(K)
401(K) matching
Employee stock purchase plan
Performance bonus
Child Care & Parental Leave Benefits
Generous parental leave
Family medical leave
Vacation & Time Off Benefits
Generous PTO
Paid holidays
Paid sick days
Office Perks
Commuter benefits
Professional Development Benefits
Tuition reimbursement

More Jobs at JPMorgan Chase

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about JPMorgan ChaseFind similar jobs like this