Propel your engineering excellence to new heights by becoming a part of a talented and exceptional team. Take your place among the best in the industry.

As a Principal Security Engineer at JPMorgan Chase within the Cybersecurity and Technology Controls organization, you provide expertise and engineering excellence as an integral part of an agile team to enhance and develop cybersecurity software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. Leverage your advanced technical capabilities and collaborate with colleagues across the organization to drive best-in-class outcomes

We are seeking a Principal Security Engineer to join our dynamic Risk Discovery team. This role is pivotal in safeguarding our enterprise systems through the implementation of data-driven security and posture management solutions that ensure the security and resilience of our infrastructure. The Principal Security Engineer will work closely with various teams to improve our security posture through the implementation of advanced, industry-leading products and tooling that identify and disposition risk within the Active Directory realm.

CTC IAM Risk Discovery is focused on enabling secure products in the IAM space that possess a transparent risk posture. We develop people, process, and technology that help product teams to identify security/privacy and operational risk during their product lifecycle, and surface that risk to inform tactical mitigation, strategic direction, and measurable improvement of product quality.

Job responsibilities

Design, develop, integrate, and maintain custom, data-driven security posture and vulnerability management solutions within the enterprise environment. Collaborate with other software engineering teams as necessary to integrate security products and workflows in Java, Python, PowerShell, and other languages. Lead or support vulnerability management efforts, including tooling and workflow automation. Develop and implement security and risk scoring strategies to guide remediation efforts. Conduct security assessments and provide remediation guidance to various teams. Identifies and implements tools and processes to allow efficient sharing of data and information to promote business agility while ensuring regulatory compliance Evaluates and proposes new security-related products and services Assists with forensic analysis of security incidents Continually assesses new trends in technology and determines implications on the overall security control process Drives security engineering thought leadership within the product line Champions the firm’s culture of diversity, equity, inclusion, and respect

 

Required qualifications, capabilities, and skills

Formal training or certification on software engineering* concepts and 10+ years applied experience Experience developing security engineering solutions for public cloud-based applications and infrastructure Experience applying expertise and new methods to determine net new solutions for complex technology problems in one or more technical disciplines Fluent in one or more programming languages such as Java, Python, PowerShell, or equivalent. Strong knowledge of Microsoft Active Directory and EntraID. Experience with ServiceNow, Atlassian Jira, or other security workflow/incident management tools and API integrations. Hands-on experience integrating vulnerability management tools and processes programmatically. Strong knowledge of data management, refinement, and enrichment techniques and implementation strategies Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., IAM, Data Engineering, etc.)   Significant experience with threat modeling  Practical cloud native experience - AWS

 

Preferred qualifications, capabilities, and skills

Strong understanding of graphing databases (Neo4J, GraphDB, etc.) Experience in red/blue/purple teaming or adversary emulation/defense tooling is a significant advantage Relevant certifications (e.g., CISSP, CEH, OSCP) are a plus.