JPMorgan Chase
Hybrid

Principal Product Security Engineer

Sorry, this job was removed at 11:13 p.m. (CST) on Monday, February 28, 2022
Find out who's hiring in Houston, TX.
See all Cybersecurity + IT jobs in Houston, TX
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.

Job Description Responsibilities
Driven by a DevSecOps culture, this position is a highly technical role responsible for the secure design and implementation of cloud compute products with the following responsibilities:

  • Defining customer use cases and requirements
  • Designing, prototyping and seamless integration of endpoint security solutions, data protection solutions, identity & access management solutions
  • Designing and building security tools integrated with the CICD pipeline
  • Educating stakeholders on security best practices and standards.
  • Be the security expert and effectively communicate information to technical and non-technical team members
  • Working with architecture, product and engineering teams ensuring security is at the heart of what we do
  • Actively provide technical leadership to more junior members of the security team
  • Respond to security alerts requirements
  • Work independently with developers, product owners, and other domains to ensure secure design, development, and implementation of compute
  • Collaborating with peers to define software/infrastructure guardrails and security abstractions
  • Engineering solutions that enable teams to self-serve on meaningful security metrics leading to faster, safer production environments
  • Building out a best-in-breed security pipeline for real time event monitoring and response
  • Acting as product liaison for security related customer requests leveraging an established process
  • Establishing and building working relationships with product development stakeholders to maintain and improve product and application security processes
  • Coordinating, supporting, and participating in the Security Testing (penetration testing, static and dynamic analysis related activities) with internal Product and Software Security teams
  • Contributing to maturing process, policy, and standards guidance
  • Working with both internal and external technology providers, and product vendors.
  • Educating key stakeholders on program, risks, and importance of security in our products
  • Testing and deploying security solutions that integrate seamlessly into the compute stack to defend, detect, and respond to security threats
  • Proactively recognize security needs and recommend suitable technologies and controls
  • Lean into any challenge, even if not directly relevant to core competencies
  • Be a force multiplier by mentoring other members of the Product Security team


Qualifications
Required

  • Bachelor's degree in Computer Science/Engineering/Information Security or related field is required. (An advanced degree is preferred)
  • 10+ years of full-time product cyber security engineering or information security experience.
  • 5+ years of on the job security experience with Hyper-converged infrastructure solutions.
  • 7+ years of experience in software development or systems engineering in an agile environment.
  • Proven experience performing security design reviews for complex applications, including distributed systems, APIs, and cloud services across hybrid environments.
  • Well versed in security controls integration to defend, detect, and respond to threats against compute infrastructure/platforms
  • Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences
  • Strong documentation skill is a must
  • Demonstrable experience engineering security products relevant to the following security disciplines: Identity & Access Management, Endpoint Security (AV/EDR), Data Protection, Infrastructure (Hardware and Software) Security, is a must
  • Demonstrable development/scripting/automation experience in at least one of Java, C++, JavaScript, Python, Go, Powershell.
  • Experience in the integration of security in DevOps (DevSecOps)
  • Direct experience with AWS, Google, Microsoft Cloud Iaas Products. Strong, demonstrable security engineering experience in AWS EC2, Google GCE, container Runtimes, and container orchestration
  • Meets/exceeds JPMorgan's leadership principles requirements for this role
  • Meets/exceeds JPMorgan's functional/technical depth and complexity for this role.


Preferred

  • Strong, demonstrable experience in partnering with product and program management teams.
  • Hands-on experience working with engineering teams on design and implementation of security best practices in architecture and code
  • Hands-on experience with secure code review practices
  • Experience in the use of Agile software development
  • Experience working with product security teams to drive engineering remediation to externally identified threats and vulnerabilities.
  • Experience in at least 3 or more of the following security control areas: Technology Asset Management, Security Configuration & Drift management, Technology Development, Technology Operations, Security Operations, Resiliency, and Vulnerability Management.
  • Experience with incident response teams and efforts, including documentation
  • Demonstrated knowledge of software licensing and configuration management
  • Demonstrated knowledge of program/project management disciplines
  • Practical experience in information security and industry or government certifications and compliance.
  • A strong foundation in and an in-depth technical knowledge of infrastructure and platform security, particularly virtualization products.
  • Strong attention to detail, organizational skills
  • Strong understanding of regulatory requirements
  • Strong, demonstrable experience with hypervisors (Type-1 and Type-2)
  • Strong understanding of Vulnerability detection and management, remediation tools and practices
  • Well versed in security controls integration to defend, detect, and respond to threats against compute infrastructure/platforms
  • Deep understanding of how to connect new and changing threats to cloud computing portfolio to create mitigating or compensating activities
  • Extensive understanding MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
  • CISSP, CCSP, AWS Certified Security, CEH or other security certifications.


The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls, and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable, and resilient
When you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 14 technology hubs worldwide, our team of 50,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Full vaccination is a requirement for this role for new hires joining JPMorgan Chase. Additional requirements include sharing information including your vaccine card in the firm's vaccine record tool and may include mask wearing and social distancing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Note: The requirement to be fully vaccinated to be hired for this role does not apply to roles with a work location in Arkansas, Florida, Iowa, Montana, and Tennessee. For applicants to these roles, JPMorgan Chase will consider all qualified applicants regardless of vaccination status, due to state and local laws.
Equal Opportunity Employer/Disability/Veterans
About the Team Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.

See More
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

What are JPMorgan Chase Perks + Benefits

Culture
Volunteer in local community
Partners with nonprofits
Diversity
Diversity employee resource groups
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Wellness programs
Mental health benefits
Financial & Retirement
401(K)
401(K) matching
Employee stock purchase plan
Performance bonus
Child Care & Parental Leave Benefits
Generous parental leave
Family medical leave
Vacation & Time Off Benefits
Generous PTO
Paid holidays
Paid sick days
Office Perks
Commuter benefits
Professional Development Benefits
Tuition reimbursement

More Jobs at JPMorgan Chase

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about JPMorgan ChaseFind similar jobs like this