JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of > $2 trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
Global Technology Infrastructure (GTI) is the technology infrastructure organization for the firm, delivering a wide range of products and services, and partnering with all lines of business to provide high quality service delivery, exceptional project execution and financially disciplined approaches and processes in the most cost effective manner. The objective of GTI is to balance both business alignment and the centralized delivery of core products and services. GTI is designed to address the unique infrastructure needs of specific lines of business and the demand to leverage economies of scale across the firm.
The Core Foundation Services team (CFS) within GTI is responsible for delivering Enterprise solutions that are consistent, standardized, and cost effective in an integrated way and are utilized by all LOBs. The organization drives product management, engineering standards, service delivery and productivity initiatives for key technologies like encryption, authentication, naming, monitoring and configuration.
The Key Management team within CFS is responsible for managing Service Delivery of Enterprise Key management and encryption/security solutions like Data encryption, Key management, Public Key Infrastructure (PKI) and Splunk. The qualified applicant will become part of JPMC’s Key Management Engineering Team that Architect, design and engineer Encryption, Key Management, Microsoft PKI solutions and supporting technologies that are part of the Key Management service offerings.
Role Description & Responsibilities:
Key Management and Encryption Engineer Lead position is for the Engineering part of the Service delivery of Key management and Encryption service.
- Architect, Design and deliver Encryption, key management and PKI related solutions
- Implementing Firmwide cryptographic infrastructure based on defined strategy
- Assessing cryptographic approaches, requirements and capabilities
- Understanding emerging trends, technical reviews, business requirements, and architectural views in order to engineer solutions
- Collaborating with business and technology partners to understand the firm’s business goals, use of cryptography in business processes and cryptographic requirements
- Provide support in guiding business and technology partners on cryptographic and data protection matters
- Recommending end-to-end technology design solutions and take full accountability for the architecture of a solution
- Design and implementation of Windows 2012 Active Directory Certificate Services including CAs, HSMs, Certificate Enrollment Web Services, Certificate Enrollment Policy Web Service, and Internet Information Services (IIS)
- Design and implementation of certificate revocation servers like Online Responder service (OCSP) and Certificate Revocation List (CRL) servers
- Serve as the final level escalation point for support issues before engaging the vendor
- Promote best practices to ensure the risk profile is minimized and security posture is enhanced
- Evaluation, testing and certification of cyber related products including encryption, Key management and access control services
- Producing engineering work orders that specify the implementation detail of the systems architected
- Automate functions with scripting tools, develop reports
- Evaluate results and communicate findings
- Applying industry/technical knowledge to provide solutions that increase business results and/or minimize risk regarding the integration of applications across multiple product systems and delivery channels
- Identifying, recommending, and implementing emerging IT trends, developments, and improvements/solutions by buying, building or reusing
- Partnering with Global Engineering and Architecture teams to ensure solutions are in line with Firm-wide Strategic Technology Roadmap
- Managing multiple assignments simultaneously, while working independently and with other designers and SME
- Lead cross-functional discussions and design reviews
Prior experience working with business in the data security space and PKI
Ability to perform independently as well as work effectively with a team and peers, providing timely delivery and follow through in a high paced environment.
- 7+ years combined experience with data security, encryption, key management, PKI
- Solid understanding of security, encryption, authentication, key management and applied cryptography
- Experience working with or working for global systems integrators or solution engineering team
- Experience with Vormetric Data Security Manager – infrastructure design, policy/rule creation, management and key management
- Hands on experience/working knowledge with Unix/Linux, Wintel, Storage Technologies and Database solutions and tools
- PKI design experience including hands on experience with Certificate Authority, Certificate Enrollment Web Service, Revocation servers & HSMs
- Working experience with cryptographic solutions (including authentication, encryption, hashing, tokenization & signing) across applications, backup, database, endpoint device, email, file, network, removable media and storage domains
- Working experience with key storage, distribution and implementation (user and machine based)
- Working experience with vendor based implementations such as Vormetric, Oracle, IBM, Microsoft, Cloud-based, Cisco, EMC, RSA, Sybase
- Working experience with database encryption methods, solutions
- Scripting and automation experience
- Experience with Vormetric Data Security Manager, policy/rule creation, management and key management
- Experience with Splunk for Log archiving and analytics/
- Experience with large enterprise technology projects
- Experience troubleshooting digital certificate issues
- Experience sizing workloads described by business requirements to compute platforms.
- Experience and ability to steward technical projects through architecture review committees and implementation checkpoints
- Experience performing multi-year capacity planning of infrastructure service offerings
- High proficiency with Platform security as well as Vormetric products
- Experience in Core Java/ J2EE design techniques
- Java Frameworks i.e. Spring; Hibernate
- Multi-threaded Programming
- Experience with Restful web services
- Source code control software (eg. Clearcase, subversion) Track Record Delivering in an Investment Bank Environment
- RDBMS experience preferably with MS SQL Server including stored procedures
- Test Driven Development/Behavior Driven Development
- UNIX / Windows shell scripting