Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies.
As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Technology Controls organization, you will help leverage innovative cryptography. You will work alongside cryptographers and a group of passionate security engineers to solve complex security problems and support the deployment of cryptography-based solutions. This role offers the opportunity to make a real impact by shaping the future of software security at one of the world's largest and most influential companies.
The position requires extensive software development experience and strong industry experience in combining cryptography and security best-practices to secure complex IT infrastructure, customer-facing services, and sensitive customer and enterprise data.
Job responsibilities
Assess existing cryptographic librariesEvaluate existing crypto-agile approaches and tools - help define and implement JPMC-centric solutionsDefine and develop tools or libraries for cryptography servicesReview architecture document for security servicesAssist with performance impact assessment of post-quantum cryptography implementationsConduct source code security reviewCommunicate ongoing work with other teams or organizationsCollaborate with cryptographers on specific topics
Required qualifications, capabilities, and skills
Formal training or certification on security engineering concepts and 5+ years applied experienceSolid track record of using cryptography software frameworks including, but not limited to, Java JCA and/or Bouncy Castle Strong understanding in applying mainstream cryptographic primitives, including digital signatures, public-key ciphers, block ciphersStrong understanding of network security protocols (TLS, SSH, IPsec etc.)Strong track record in software development, with experience working with tools like Github, Junit, Maven, Jenkins, CI/CD Good knowledge of public key infrastructure (PKI) and digital certificates (e.g., X.509)Security solution development utilizing cryptographic agility principlesAbility to convey complex concepts and ideas in a clear and concise manner to a wide range of audienceProven track record in working with diverse teams to achieve goalsDriving enterprise-wide transformative security technology initiatives
Preferred qualifications, capabilities, and skills
Familiarity with upcoming NIST post-quantum cryptography standards and related migration effortsBasic knowledge on cryptanalysis, crypto system threat modeling and analysisNIST key management best practicesTechnology security certifications, e.g., FIPS 140-2/3, Common Criteria, PCIProficiency in Java. Other programming languages like Go, C/C++, Python, C#, JavaScript or shell scripting good to haveEngineering and managing cryptographic systems for enterprise applications and infrastructure MS or BS in computer science, preferably with a focus on security and/or cryptography
FEDERAL DEPOSIT INSURANCE ACT:
This position is subject to Section 19 of the Federal Deposit Insurance Act. As such, an employment offer for this position is contingent on JPMorganChase’s review of criminal conviction history, including pretrial diversions or program entries.