SDLC / Container Security

Job Description As part of the JPMorganChase transition to a cloud first environment, Cybersecurity & Technology Controls is creating a team to provide simplified, secure and automated application patterns. We want our developers to be able to quickly find a well-considered design for common service use cases, apply it to their application, and deploy through an automated pipeline, all while knowing exactly which threats are mitigated and which regulations are met.
Leveraging your development and security background, you will produce a library of consistent, secure, automated patterns for code released through CI/CD pipelines including Jenkins and Spinnaker, and utilizing support services from Amazon Web Services, Google Cloud Platform, Cloud Foundry, and Kubernetes container environments. These patterns include both documentation explaining the requirements and rationale for the design, and directly usable code samples, pipeline and container control frameworks, and automated deployment scripts. A typical journey will involve documenting and getting agreement to the approach & value suggested, researching the key compliance and security requirements, and then designing & prototyping application libraries, release frameworks, APIs and platform automation services for industrialization with the engineering teams.
You will bring your desire to press into a variety of different technologies and development teams to work across a set of the potential adopters and rapidly break new ground, improving existing control approaches with the engineers adopting the pattern you help design, while keeping an eye on developing standards for APIs, deployment orchestration, data models and security standards to continuously improve consistency and convenience for our developers.
This role is all about taking identified problem areas and moving quickly to proven solution approaches that can be ported across different technologies and tested against changing requirements over time.
The ideal candidate will be:
- communicative, collaborative, detail oriented, curious, calm, engaged
- evidence structure in thinking, design process - requirements->solutions->design->implementation
- able to articulate how to iterate in agile fashion, bringing partners with you
- able to articulate balance of clean design vs timely delivery; constraining scope/breadbox
- must have a 6+ year background of technical excellence across at least 2 of:
- infrastructure / automation engineer ; at scale automation of Unix, DB, appliances, and/or public cloud services
- container environments, including some of kubernetes, k3os, tanzu, CRI-O, containerd, mirantis, docker
- java, python, C# CI/Cd pipelines including unit testing, open source integration, build and release on Jenkins or Spinnaker
- Service Reliability Engineering for deployed applications combining custom code, RESTful APIs and containerised support services
- security architecture, pen testing, hardening
- prefer experience with the following desirable technologies:
- AWS, GCP, Azure
- k8s, Cloud Foundry
- aquasec, qualys, and other container/vulnerability security management platforms
- Terraform, CloudFormation, Ansible
- Dependency / Package management, Spring Boot
- Linux
- Java, Python, React, Angular
- Jenkins, Spinnaker
- Data Analytics
- Git, Bitbucket
- docker hub, ECR, artifactory
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
When you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 20 technology centers worldwide, our team of 50,000 technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $10B+ annual investment in technology enables us to hire people to create innovative solutions that will are transforming the financial services industry.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.