JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
The Cybersecurity organization’s objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
The ASP .NET / .NET Application Security Architect is responsible for creating ASP .NET / .NET Security Design Patterns (SDP) and performing Security Design Reviews (SDR) of applications. Responsibilities include creating ASP .NET / .NET Security Design Patterns to resolve identified design flaws, presenting SDPs in the working groups, soliciting feedback from key stakeholders, piloting SDPs (on selected applications) and ensuring that SDPs can be implemented with the desired results. Responsibilities also include identifying, evaluating, and prioritizing potential weaknesses in the design of applications using both manual and automated methods. This role requires a unique individual who possesses the drive and determination to conceptualize, design, and mitigate attack surfaces / threats / flaws by creating Security Design Patterns.
• Collaborating with all LoBs, create and actively maintain pipeline for ASP .NET / .NET Security Design Patterns.
• Prioritize and create Security Design Patterns, review them with key stakeholders of all LoBs, present them in the Working Group, update / publish and socialize SDPs.
• Ensure that Security Design Patterns are understood and adopted by development teams.
• Develop and maintain Tracking / Metrics for ASP .NET / .NET Security Design Patterns adoption
• Occasionally perform Security Architecture Risk Analysis (SARA) / Security Design Reviews (SDR) of applications and assess their designs against known and emerging threats.
• Prepare a risk report for each SARA / SDR assessment listing out attack surface, threats, flaws and providing remediation guidance.
• Communicate Findings/Remediation guidance/Security Design Patterns to development teams in a concise and succinct manner.
• Learn and support internal Security Design Review and Threat Modeling Tools and infrastructure.
• Acquire and maintain a working knowledge of relevant laws, regulations, and JPMC policies, standards, and procedures
• Looking for Subject Matter Expert in Application Security with minimum of 5 years of experience in the following:
• In-depth knowledge of application security for ASP .NET and .NET (Web, Web-services, Windows and mobile) applications.
• In-depth knowledge of ASP .NET / .NET Security Design Patterns for applications.
• In-depth knowledge of top risks and vulnerabilities identified by OWASP, NIST, SANS...
• Knowledge of software-related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity / minimization).
• Excellent communication skills (both verbal and written).
• Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., ISO) relating to system/application design.
• Knowledge of software design tools, methods, and techniques
• Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth)
• Skill in Threat Modeling methodologies and approaches such as STRIDE, Attack Trees
• Skill in recognizing vulnerabilities in application designs.
• Knowledge of system and application security threats and vulnerabilities
• Knowledge of penetration testing principles, tools, and techniques (e.g., Metasploit, Neosploit)
• CISSP, CSSLP certifications are desirable
• BS degree in computer engineering or equivalent.
• Ability to work under pressure in time critical situations
• Ability to resolve conflict in a collaborative manner
• Must be a driver of change and have strong influential skills
• Excellent written and verbal communication skills, including the ability to independently and effectively participate in strategic discussions / meetings with peers across the firm.
• Ability to communicate effectively with business representatives in explaining impacts and strategies and where necessary, in layman’s terms
Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.
The firm invites all interested and qualified candidates to apply for employment opportunities.
If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.