Lead Security Engineer - Threat Modelling, AWS

Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies.

As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Tech Controls team, you play a crucial role in delivering software solutions that meet predefined functional and user requirements while ensuring protection against misuse, circumvention, and malicious activities. As a core technical contributor, you are tasked with implementing essential technology solutions using tamper-proof and audit-defensible methods across diverse technical areas within various business functions.

Job responsibilities

• Executes threat model assessments of enterprise solutions, design, development.
• Design and author preventative and detective guardrails using Cloud native capabilities like (AWS -IAM, SCP, RCP), (Terraform Sentinel), (Wiz -CNAP), (Splunk), etc
• Develops secure and high-quality production code and reviews and debugs code written by others.
• Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls.
• Hands on experience with the ability to think beyond routine or conventional approaches to address security weaknesses.
• Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability.
• Adds to team culture of diversity, opportunity, inclusion, and respect

• Formal training or certification on security engineering concepts and 5+ years applied experience
• Cyber security architecture, development, and engineering experience
• SME experience with AWS EKS (Elastic Kubernetes Service) and Cloud IAM (Identity and Access Management) for managing and securing cloud-based applications.
• Skilled in planning, designing, and implementing enterprise-level security solutions.
• Advanced in one or more programming languages.
• Proficient in all aspects of the Software Development Life Cycle.
• Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security.
• Experience with threat modeling, discovery, vulnerability, and penetration testing.
• In-depth knowledge of the financial services industry and their IT systems.

• Proficient in Infrastructure as code (Preferably Terraform)
• Experience effectively communicating with senior business leaders