The Global Cybersecurity and Technology Controls ("CTC") functions are responsible for the governance and oversight of the Information Security Program at the Firm. We enable new business and technology innovation while maintaining a relentless focus on protecting the Firm and its clients/customers.
Within CTC, the Application Security Design Review team (SDR) guides the Firm in modeling and mitigating cyber security threats in our proprietary software and supporting infrastructure. We directly partner with product engineering to ensure the delivery of safe, stable, and resilient products on day 1. Our focus is making application security easy to understand and implement. We are the experts in our field, passionate in our desire to maintain a high security bar; providing guidance to customers and creating innovative scalable solutions to challenging problems.
We are seeking exceptional Security Engineers to join us and shape the future of application security at the Firm. If you're dedicated to your craft and are excited by the challenge of working with a diverse group of financial products to influence change at scale with global impact for millions of customers, then we'd like to talk to you.
JPMorgan Chase & Co is looking for experienced Application Security Engineers to ensure that our systems, applications, and services are implemented with the high standards required to maintain and enhance our customer's trust. You will be a technical leader to your peers, specializing in common threats and mitigations across the Firm. You will be analyzing product design, documentation, and implementation (configuration/software), documenting any gaps or errors identified from a security perspective.
The ideal candidate is passionate about solving security problems in innovative ways. They must desire to not only find issues but also the drive to take ownership of solutions which can be applied across the Firm. The ideal candidate has strong software design and implementation experience, strong knowledge of operating systems and web protocols, as well as an in-depth knowledge of static and/or dynamic testing tools.
ROLES & RESPONSIBILITIES
Detailed understanding of Security fundamentals, including: cryptography, modern memory safety, operating system internals, and web services security.
Detailed understanding of related security threats, including: cloud security, hardware and firmware security, and mobile security.
Detailed understanding of common standards, including: OAuth, OpenID, and the shared responsibility model.
Strong desire to up-skill and self-develop to promote cutting edge Security best practices.
Strong desire to lead and mentor your peers to ensure a high standard of delivery.
Delivery of risk assessment and threat modeling activities.
Delivery of scoping application security assessments and penetration tests.
Contribution to security awareness training development and implementation
Leadership in evaluating security controls(libraries, frameworks, etc.), their development and their deployment
Guidance in the development of prototypes, Proofs of Concept and Reference Models for shared security controls at the Firm.
4+ years of experience within a software security team or similar operating environment
BA/BS in computer science, information security, related discipline, or equivalent work experience
Proficiency in multiple enterprise programming languages: C#, C++, Java and/or Python
Software engineering experience; with a current focus on secure application development
Penetration testing experience; with a knowledge and familiarity of common tools techniques and processes.
Deep understanding of common application flaws, and how to fix them
Ability to work independently and comfortably in a fast-paced environment
Excellent leadership, teamwork and collaboration skills, and attention to detail.
Results-oriented, high energy, self-motivated.
Strong information security risk-based and data-driven prioritization abilities
Information security professional certifications encouraged (SANS GIAC, CISSP etc.)
Passionate about security; involved in the application security community
Experience teaching application security and secure development practices; in 1:1 situations or to large teams.
Experience with DevOps processes in a Cloud/SaaS environment.
Experience architecting, securing, and operating common cloud environments: Amazon Web Services, Google App Engine, and Azure.
Experience with service-oriented architectures and web services security.JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
Equal Opportunity Employer/Disability/Veterans
It's easy, and free! Add jobs from any website! Get recommendations from your friends! Start by adding this job...