Software Engineering & Architecture Cybersecurity Event - Columbus
Description:
Description
Join a team where you can play a crucial role in shaping the future of a world-renowned company and make a direct and meaningful impact in a space designed for top performers.
As a Security Engineer/Architect at JPMorgan Chase within the Cybersecurity & Technology Controls organization, you are an integral part of an agile team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. Drive significant business impact through your capabilities and contributions and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains.
JPMC Security Engineers/Architects design and build technology controls for software systems to ensure controls become an integral part of the system’s operational capabilities. The primary goal is to implement software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing or discovering misuse, circumvention, malicious behavior, and system weaknesses. Constraints and restrictions are asserted as a security policy, implemented in software, and evidenced in tamper-proof, audit defensible methods. Security engineers balance the security outcomes of their systems with the user friction/toil to ensure scale and sustainability are met while meaningfully reducing risk.
Job responsibilities
Executes creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems
Develops secure and high-quality production code
Reviews and debugs code written by others
Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls
Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability
Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors
Actively contributes to the engineering community as an advocate of firm wide frameworks, tools, and practices of the Software Development Life Cycle
Required qualifications, capabilities, and skills
Formal training or certification on software engineering/architecture concepts
Applied experience in planning, designing, and implementing enterprise-level security solutions
Fluent understanding of the Software Development Life Cycle (SDLC).
Advanced capabilities in one or more programming/scripting languages (e.g. Java, Python, C/C++, etc.)
Experience in planning, designing, and implementing enterprise-level security solutions
Practical cybersecurity experience in one or more of the following technology disciplines to include AI/ML, Application Development, Cloud, Infrastructure, Mobile, Offensive Security (Pen Testing, Red Teaming, etc.), and Vulnerability Management among others.
Understanding of agile methodologies such as CI/CD, Application Resiliency, and Security
Practical cloud native experience (i.e. AWS, Azure and/or GCP)
Preferred qualifications, capabilities and skills
Experience with web, API and microservices technologies (Web applications, Web Services, Service Oriented Architectures)
Experience with Infrastructure as Code (IaC) utilizing tools such as Terraform.
Experience with Threat Modeling (i.e., STRIDE, MITRE, VAST, DREAD, IriusRisk, PASTA, etc.)
Experience with Vendor Product Management/Services/Tooling
Accreditation/Certifications:
AWS – Practitioner; Cloud Engineer; Software Development Engineer; Cloud Security Engineer; Cloud Security Architect; Application Architect
Offensive Security – OSCP; OSWP; OSCE; OSEE; OSWE; OSEP; CEH