Lead Security Engineer

DESCRIPTION:

Duties: Provide security solutions across a number of domains in the core platform, including our Kubernetes platform and ecosystem, CI/CD tooling.

Develop and take ownership of security enablement services used in our SDLC whether that's services written in Golang, Java, Python or OSS tools.

Engage and collaborate with engineers across the business to understand use-cases and to define best practices for use of the security of the platform.

Bring in the new and latest technologies and techniques for security and identity while driving their adoption where appropriate.

Own and implement firm wide federal controls and regulations.

QUALIFICATIONS:

Minimum education and experience required: Bachelor's degree in Engineering (any), Computer Science, Computer Information Systems, or related field of study plus 5 years of experience in the job offered or as Lead Security Engineer, Devops Engineer, Application Developer, Java Technical Lead, or related occupation.

The employer will alternatively accept a Master's degree in Engineering (any), Computer Science, Computer Information Systems, or related field of study plus 3 years of experience in the job offered or as Lead Security Engineer, Devops Engineer, Application Developer, Java Technical Lead, or related occupation.

Skills Required: This position requires any amount of experience with the following: Using modern devops tools including GitHub, Helm, and custom resource definitions to deploy services in Kubernetes environments while following security standards; Applying OWASP security vulnerability mitigation in a cloud environment; Monitoring and applying cloud and container security; Performing Threat Modeling to identify and mitigate risks; Software development using golang, Java, Python, and Bash; Using GitHub actions and Jenkins to securely deploy software and infrastructure; Hardening the security of docker images; Implementing and managing logging across distributed environments; Managing and monitoring of Kubernetes environments to ensure site reliability and security; Actively monitoring and managing cloud environments for vulnerabilities; Deploying infrastructure to GCP and AWS through infrastructure as code; Modeling and implementing cloud networks using VPCs and subnets to ensure network security and isolation; Secure software design in a regulatory space such as SOC2, PCI or FIPS.

Job Location: 237 Park Avenue, New York, NY 10017

Full-Time.

Salary: $215,000 - $260,000 per year.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P.

Morgan and Chase brands.

Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards...