Lead Security Engineer - Cryptographic Libraries & TLS

Take on a crucial role where you'll be a key part of a high-performing team building and maintaining foundational cryptographic infrastructure.

Make a real impact as you help shape the way secure communications are configured, tested, and deployed across the enterprise at one of the world's largest and most influential companies.

As a Lead Security Engineer at JPMorgan Chase within the CTC Emerging Technologies Security group, you will own and evolve a TLS abstraction layer that provides a unified interface for TLS stack configuration across Java, Python, and Node.js runtimes.

You will serve as both a hands-on developer and a subject-matter expert at the intersection of network security protocols and polyglot software engineering.

You will be responsible for ensuring that the library remains secure, performant, well-tested, and aligned with evolving TLS standards and enterprise security policy.

Job Responsibilities


* Design, implement, debug, and extend the TLS abstraction layer, ensuring consistent TLS configuration and behavior across Java (JSSE/Bouncy Castle), Python (ssl/OpenSSL bindings), and Node.js (built-in TLS/OpenSSL) runtimes.


* Serve as the team's subject-matter expert on TLS 1.2 and 1.3 handshake mechanics, cipher suite negotiation, certificate validation, key exchange algorithms, and session resumption - and translate that expertise into library design decisions.


* Architect clean, well-documented APIs that decouple application-level TLS intent (e.g., minimum protocol version, allowed cipher suites, certificate pinning, mutual TLS) from the platform-specific implementation details of each runtime's TLS stack.


* Build and maintain comprehensive test suites - including unit, integration, interoperability, and protocol-conformance tests - that verify correct TLS behavior across all supported runtimes and configurations.

Develop test harnesses that exercise edge cases such as certificate chain validation failures, protocol downgrade scenarios, and cipher suite mismatches.


* Design, maintain, and improve CI/CD pipelines for the library, including automated builds, multi-runtime test matrices, static analysis, dependency scanning, and artifact publishing across all supported language ecosystems (Maven/Gradle, PyPI, npm).


* Triage and resolve complex TLS-related issues reported by consuming applications, including handshake failures, performance regressions, certificate trust-store misconfigurations, and runtime-specific behavioral differences.


* Monitor developments in TLS standards (IETF RFCs), cryptographic library updates (OpenSSL, Bouncy Castle), and runtime release notes to proactively assess impact on the library and plan necessary updates.


* Produce clear integration guides, migration documentation, and configuration references so that consuming teams can adopt and configure the library with minimal friction.


* Work with application teams, platform engineering, and enterprise securi...