Security Engineer III

Your seniority as a security engineer puts you in the ranks of the top talent in your field. Play a critical role at one of the world's most iconic financial institutions where security is vital.

As a Security Engineer III at JPMorgan Chase within the Cybersecurity Technology & Controls team, you will play a vital role in a diverse and collaborative environment dedicated to delivering cutting-edge software solutions. Your focus will be on ensuring that these solutions not only meet established functional and user requirements but also proactively prevent misuse, circumvention, and malicious activities. You will leverage your expertise to implement critical technology solutions utilizing tamper-proof and audit-defensible methods across multiple technical domains. By aligning your efforts with the firm's strategic business objectives, you will enhance the organization's overall security posture and contribute to a resilient cybersecurity framework that protects vital assets and data. Your role will involve continuous learning and adaptation to emerging threats, ensuring that our security measures remain robust and effective in an ever-evolving landscape.

Job responsibilities

• Develop and implement security policies as code to automate enforcement across AWS, Azure, and GCP environments.
• Monitor cloud environments for misconfigurations and compliance drift using automated tools and frameworks.
• Conduct risk assessments to identify vulnerabilities and prioritize remediation efforts in collaboration with relevant teams.
• Lead investigations into cloud security incidents, maintaining incident response plans and implementing corrective actions.
• Work with Cloud Security leads to integrate security into all phases of cloud service development and provide training on best practices.
• Stay updated on cloud security trends and best practices through participation in training, seminars, and conferences.
• Executes security solutions design, development, and technical troubleshooting with the ability to apply knowledge of existing security solutions to satisfy security requirements for internal clients (e.g., product, platform, application owners)
• Leads delivery of continuity-related awareness, training, educational activities, and exercises
• Contributes to a team culture that values diversity, promotes opportunities, fosters inclusion, and upholds respect for all members.

• Obtain 3+ years of equivalent experience with a bachelor's degree in computer science, engineering, or a related field, with proven work experience as a Security Engineer.
• Strong proficiency in Python programming language for developing security automation scripts and tools.
• In-depth knowledge of at least one major cloud environment (AWS, Azure, or GCP) with a focus on security best practices and compliance frameworks.
• Demonstrated understanding of cloud security concepts, including identity and access management, network security, and data protection.
• Strong analytical and problem-solving skills, with a security mindset to proactively identify and mitigate risks in multi-cloud environments.
• Experience developing security engineering solutions.
• Overall knowledge of the Software Development Life Cycle and solid understanding of agile methodologies such as CI/CD, application resiliency, and security.

• Experience with additional programming languages beyond Python, enhancing the ability to develop diverse security solutions and tools.
• Familiarity with multiple cloud environments (AWS, Azure, GCP) to leverage a broader understanding of security practices across platforms.
• Knowledge of advanced security frameworks and compliance standards, such as NIST, ISO 27001, or CIS benchmarks, to enhance organizational security posture.
• Good knowledge of industry benchmark Cloud Security Posture Management (CSPM) tools to effectively assess and improve cloud security configurations.