Cybersecurity Product Security Lead / Security Engineer

Job Description
We are looking for a Product Security Lead (PSL) Security Engineer (SE), to be a trusted security advisor throughout the development lifecycle. You will be an expert in application security including attack paths used by adversaries to exploit vulnerabilities. You will be responsible for aligning Cybersecurity & Tech Controls (CTC's) strategy, security design and controls engineering to Product roadmap and providing transparency to leadership.
You will perform Threat modeling, Architecture and design, Emerging threat identification and (new) Control solutions engineering. You will be comfortable as part of a global team, with colleagues located globally.
Responsibilities:

• Deliver threat modeling to identify vulnerabilities in product design and provide control recommendations to mitigate those risks
• Engage in architecture and design reviews to ensure product alignment with the CTC Strategy and industry best practices
• Identify security risks and emerging threats associated with the product as well as the products they are dependent on
• Co-design product alternate control procedures and configurations, register them in our system of record, and ensure they evolve and remain effective
• Brief stakeholders on key security risks and emerging threats associated with the product, technology stack, and customer base
• Assess and influence cybersecurity risk priorities within the book of work that are aligned to the control design in the CTC product roadmap
• Stay up to date with industry trends, best practices, and regulatory standards that may impact the product's implementation
• Support the engineering of control solutions where existing offerings are not available
• Provide security expertise during incident and problem management

Preferred Experience:

• Key enabler: delivery of secure and compliant product features at the speed that the business requires
• Expert in attack paths across the technology stack, including tactics, techniques and procedures (TTP) used by adversaries to exploit vulnerabilities
• Trusted advisor throughout the product, service, and/or feature development lifecycle, incorporating knowledge of emerging threats, business goals, and system design to improve a product's security posture
• Responsible for aligning CTC's strategy, security design and controls engineering to Product roadmap
• Responsible for providing transparency to Leadership on Product's Control performance and associated Risk
• You will have experience in a number of domains, and be excited by opportunities to grow more skills and capabilities:
• Application Security, Agile Delivery; Applied Architecture & Systems Design; Automation & Continuous Delivery (CI/CD)
• Data Fluency; Distributed Systems Design & Development; Interface Design & Development (UI/UX)
• Leading Edge Technologies; Operational Management; Secure Coding
• Security Governance; Network & Infrastructure.
• Security; Threat & Vulnerability Management; Continuity Management
• Threat Modeling; Security Architecture & Design; Data Security; Technical Design
• Technical Strategy & Advice; Architecture Governance Community; Technology Evaluation & Selection;
• You will be passionately working on a Certification / industry knowledge personal journey.
• CISM / CISSP
• Cloud (AWS/Azure)
• Modern Development
• Technical Skills
• Broad knowledge of controls and frameworks in the industry (NIST, ISO, PCI, SOC, MIRE ATT&CK...)
• Identity and Access Management (SAML, OAuth, Kerberos, certs, TLS)

About Us
Chase is a leading financial services firm, helping nearly half of America's households and small businesses achieve their financial goals through a broad range of financial products. Our mission is to create engaged, lifelong relationships and put our customers at the heart of everything we do. We also help small businesses, nonprofits and cities grow, delivering solutions to solve all their financial needs.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, discretionary incentive compensation which may be awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
Equal Opportunity Employer/Disability/Veterans
About the Team
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.