Application Security Analyst - Cyber Security

Job Description

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at
The Cybersecurity organization’s objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure.  The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat.  We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
Position Description
The Application Security Analyst will be part of the JPMorgan Chase Application Security Group, which is responsible for working with the various software application development teams in JPMC to help them analyze and determine the applicability and severity of identified potential security vulnerabilities. The person will have a solid understanding of different application security controls such as Static Scanning, Threat Modeling, Design Patterns, Binary Scanning and Dynamic Scanning. The person will be responsible for managing the binary scanning program for the firm. The person will additionally be responsible for managing vulnerability remediation practices for the Application Security group, which includes establishing manual vulnerability correlation across various tools, e.g. Fortify, Open Source (Black Duck) and Dynamic Scan/Pen Test.
The position will work closely with the Line of Business AD teams, Static Scanning Support Team, Mobile AD and Support Team, KPI Reporting Team and external business partners to ensure that technologies and best practices are properly applied to protect JPMC’s products, services, and customer information. 
  • Contribute to the success of the Firm-wide Application Security program by working with security architects, software security champions (SSCs), Application Security Champions (ASCs), application development (AD) managers, application developers, and information risk managers (IRMs) to deploy software security controls effectively.
  • Understand overall application security services and identify opportunities to streamline all the services to improve effectiveness
  • Perform detailed analysis of issues found by the Red Team (Pen Test) in production and correlate them with pre-prod testing such as SD Elements and Static Scan
  • Work on the vendor application security program and on VBSIMM activities to be included within the TPRM vendor assessment. Additionally, provide guidance on binary scanning processes to different LOBs
  • Work with AD teams to implement and maintain security frameworks within their applications and drive secure coding guidelines.
  • Identify and draw up KPIs to show the progress of the overall application security program and identify opportunities for improvement in different areas
  • 3+ years of experience in software security practices with development experience is a plus
  • Expert knowledge of software vulnerability remediation techniques and libraries
  • Good understanding of NVD, CVSS scoring, risk ranking, threats and vulnerabilities, and performing web application security assessments
  • Experience as an Application Developer or Application Security expert working with Static Scanning tools, e.g. HP Fortify, IBM AppScan, etc.
  • Experience in working with common OSS frameworks.
  • Deep code-level knowledge of common software security vulnerabilities and remediation methods for Java applications. 
  • Deep knowledge of the OWASP Top 10 and the ability to explain how these issues should be remediated.
  • Expert level analyst with proven capability to comprehend various technology stacks related to web security, authentication, database security, session management, business logic and input validation methods.
  • Proficiency with CVSS, CVE and related schema and scoring. 
  • Strong technical acumen, communication and influence skills to demonstrate the effectiveness of different Application Security programs
  • Experience in pen-testing is not required, but is considered a plus.
  • Professional Certifications a plus (i.e. CSSLP, GSSP, CISA, CISSP)
  • The candidate must be a “self starter”, able to operate independently with minimal guidance, and produce tangible, measurable results.
  • Bachelor’s degree in computer engineering or equivalent. Master’s degree a plus.
  • People Skills:
    • Ability to work under pressure in time critical situations
    • Ability to resolve conflict in a collaborative manner
    • Must be a driver of change and have strong influential skills

  • Communication Skills:

    • Excellent written and verbal communication skills, including the ability to independently and effectively participate in strategic discussions / meetings with peers across the firm.
    • Ability to communicate effectively with business representatives in explaining impacts and strategies and where necessary, in layman’s terms
Req #: 160015899
Location: Jersey City, NJ US
Job Category: Technology
Employment Type: Full Time
Potential Referral Amount: 3000 US Dollar (USD)


Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.
