cxLoyalty - Application Security Engineer

Job Description
We are seeking an experienced Application Security Architect to join our organization. The successful candidate will be responsible for designing, implementing, and maintaining the security architecture of our company's applications. The ideal candidate will have at least 8 years of experience in application security architecture and possess expertise in threat modeling, application security testing, secure SDLC, AWS cloud, and financial industry security standards and compliance.
Job Responsibilities

• Build and implement application security policies, process, controls, procedures, and standards to meet a modern security framework for the engineering team.
• Perform threat modeling and risk assessments to identify potential vulnerabilities and develop mitigation strategies.
• Conduct application security testing and coordinate remediation efforts.
• Work with development teams to integrate security into the secure software development lifecycle (SDLC) using secure coding practices and automation tools.
• Collaborate with product and delivery team to ensure quality delivery of the product feature in a that consistent and effective security controls across the organization.
• Regularly review AWS cloud infrastructure and services for security best practices using IaC
• Be responsible to provide guidance and mentorship to members of the application security team.
• Stay up to date with the latest application security trends, tools, and best practices.
• Ensure compliance with financial industry security standards and regulations.

Required Qualifications, Skills, and Capabilities

• 9 to 10 years of relevant experience in Application and cloud security with secure SDLC working with distributed enterprise applications.
• In-depth knowledge of security controls and testing techniques for each phase of the SDLC, including planning, design, development, testing, and deployment
• Experience with tools and automation techniques for integrating security into the SDLC, such as Static Code Analysis (SCA), Dynamic Application Security Testing (DAST), and Container Security
• Understanding of threat modeling methodologies and experience conducting threat modeling exercises for applications
• In-depth knowledge of CI/CD pipelines and experience implementing secure CI/CD practices in an Agile or DevOps environment
• Proficient with security tools and automation techniques for integrating security into the CI/CD pipeline, such as Infrastructure as Code (IaC) security scanning, Container Security, and Automated Compliance Testing
• Understanding of Secure Software Supply Chain principles and practices such as software Bill of Materials (BoM), vulnerability scanning of software dependencies, and third-party risk management
• Thorough understanding of security requirements for financial applications, such as encryption, access controls, and audit trails
• Experience with financial industry compliance frameworks such as the ISO 27001 and the NIST Cybersecurity Framework
• Ability to conduct security assessments and audits to ensure compliance with security standards and regulations.
• Knowledge of secure coding practices for common programming languages, such as Java, Python, and C#.
• Relevant security certifications such as CISSP, CSSLP, CCSP, or AWS certifications are a plus.

About Us
cxLoyalty, a subsidiary of JPMorgan Chase, is a leading provider of loyalty technology services with rewards content in relevant categories including travel, gift cards, merchandise and incentives while using data and analytics to personalize, optimize and deliver a world-class customer experience. We have more than 40 years of experience designing, administering, and fulfilling market leading loyalty programs for our respected client and their customers. We increase customer lifetime value by making each experience personal and inspire consumers to speed, grow, and advocate. Based in Stamford, Conn., cxLoyalty has more than 1,700 associates and provides services to consumers in 14 countries.
About Us
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, discretionary incentive compensation which may be awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
Equal Opportunity Employer/Disability/Veterans
About the Team
Our Corporate Technology team relies on smart, driven people like you to develop applications and provide tech support for all our corporate functions across our network. Your efforts will touch lives all over the financial spectrum and across all our divisions: Global Finance, Corporate Treasury, Risk Management, Human Resources, Compliance, Legal, and within the Corporate Administrative Office. You'll be part of a team specifically built to meet and exceed our evolving technology needs, as well as our technology controls agenda.