JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
Cybersecurity is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Our core services are focused on assuring the security of the computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. This is accomplished through strong information risk governance, active collaboration with business risk managers, and providing high quality security solutions and services which enable improving the organization's overall risk posture.
The Cyber Application Security Engineering Lead will define the technology strategy as well as lead the design, build, & implementation of JPMC’s application security solutions to enable the Software Security Assurance Program (SSAP). The SSAP’s primary objective is to develop a sustained capability to design, acquire, and deploy secure software through process & technology that prevents, detects, and responds to software vulnerabilities.
Primary Duties and Responsibilities
The successful candidate will work within the Cybersecurity Technology team in partnership with firm’s Architecture, Security Operations and Lines of businesses in a hands-on environment. The primary scope of responsibility is setting strategy & leading a team of engineers to gather requirements, design, build, test, & deploy application security products such as BlackDuck, Fortify, Veracode, SD Elements, etc. The successful candidate will have a strong combination of application security, engineering, design, analysis, information technology, security and management skills. Specific responsibilities will include:
Define and execute on core strategy for application security
Contribute to the success of Software Security Assurance Program by working with security architects, software security champions (SSCs), Application Security Champions (ASCs), application development (AD) managers, application developers, and information risk managers (IRMs) to deploy software security controls effectively.
Provide technical guidance to management, direct reports, Security Operations and/or the lines of business relating to application security products and implementation
Represent application security current state and future strategy to senior management and C-level executives in the various lines of business
Provide technical inputs to management during proof-of-concept reviews for new security products
Manage and lead a team of engineers developing application security solutions across multiple products, platforms and lines of business
Play a lead role in developing strong relationships with internal clients and resources
Identify, develop, retain & hire key talent into the Cybersecurity organization
Bachelor’s degree in computer science, information systems or related field along with 10+ years of overall IT experience required (note: equivalent experience may be considered in lieu of degree)
- 10+ years of professional experience with application security solutions to prevent, detect, and respond to software vulnerabilities as well as secure coding practices
- 10+ years of experience engineering within large-scale/global enterprises combined with at least 3 years of experience within an engineering manager role or implementing application security solutions
- A solid understanding of different application security controls such as static scanning, threat modeling, design patterns, binary scanning and dynamic scan.
- Ability to demonstrate excellent knowledge of the application security threat landscape as well as the market landscape, trends and offerings
- People Skills:
- Ability to work under pressure in time critical situations
- Ability to resolve conflict in a collaborative manner
- Must be a driver of change and have strong influential skills
- Communication Skills:
- Excellent written and verbal communication skills, including the ability to independently and effectively participate in strategic discussions / meetings with peers across the firm.
- Ability to communicate effectively with business representatives in explaining impacts and strategies and where necessary, in layman’s terms
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.