Sr Lead Security Engineer - Workforce

JPMorgan Chase · Banking · Wilmington, DE +1 · Corporate Sector

Senior Lead Security Engineer role focused on designing, building, and implementing advanced security solutions across cloud, hybrid, and on-prem environments. The role involves hands-on coding, automation, integrating security controls, and driving the adoption of emerging cybersecurity technologies, including AI/ML-driven security analytics. Responsibilities include threat modeling, risk assessment, mentoring junior engineers, and collaborating with cross-functional teams. The role emphasizes using enterprise-authorized AI capabilities to accelerate security risk analysis and documentation, with a strong focus on validation and data sensitivity.

What you'd actually do

Independently design, build, and implement advanced security solutions across cloud, hybrid, and on-prem environments, ensuring alignment with the latest industry best practices and regulatory requirements.
Actively write code, develop automation, and integrate security controls throughout the software development lifecycle, collaborating with engineering teams to embed security from ideation to deployment.
Drive adoption and direct implementation of emerging cybersecurity technologies (e.g., zero trust architectures, container security, AI/ML-driven security analytics) to enhance the organization’s security posture.
Applies reuse-first, AI-assisted practices within SDLC/toolchain routines to strengthen security testing and control validation, ensuring traceability/auditability and alignment to resiliency and security expectations.
Uses enterprise-authorized AI capabilities within the work environment to accelerate security risk analysis and documentation (e.g., synthesizing threat assessments), validating outputs and ensuring sensitive data is handled appropriately.

Skills

Required

5 plus years of applied training or certification on software engineering concepts
Proven track record in hands-on design, development, and deployment of enterprise-grade security solutions in public cloud environments (AWS, GCP, Azure), with direct experience integrating security controls into cloud-native architectures.
Demonstrated ability to perform comprehensive threat modeling and risk assessments for applications, systems, and architectures using frameworks such as STRIDE, DREAD, or PASTA.
Advanced proficiency in at least one modern programming language (e.g., Python, C/C#, Go, Java) and scripting for automation and security tooling, with a focus on building and deploying solutions.
Deep understanding of secure software development practices, including code review, static/dynamic analysis, and vulnerability remediation across multiple technology domains (cloud, AI/ML, mobile, etc.).
Experience implementing and managing CI/CD pipelines (e.g., Jenkins, GitHub Actions) with integrated security testing and controls.
Expertise in version control systems (e.g., Git, BitBucket) and agile work management tools (e.g., Jira), with a focus on collaborative, cross-functional engineering environments.
Ability to independently solve complex design and functionality challenges, proactively identifying and mitigating security risks with minimal oversight.
Experience working with vendors to assess the sufficiency of their security practices and controls to meet industry standards.
Ability to review and validate AI-assisted security recommendations before adoption, escalating uncertainty and ensuring outcomes align to security, resiliency, and auditability expectations.
Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support security engineering workflows with strong validation habits and awareness of data sensitivity.

Nice to have

Experience with modern security engineering practices, such as infrastructure as code (IaC), DevSecOps, and automated security testing.
Hands-on experience with cloud-native security tools (e.g., AWS Security Hub, Azure Sentinel, GCP Security Command Center) and container orchestration platforms (e.g., Kubernetes).
Active participation in the cybersecurity community, such as contributing to open-source projects, attending or speaking at conferences, or publishing research.
Experience implementing zero trust architectures, micro-segmentation, or advanced identity and access management solutions.
Strong understanding of privacy and data protection regulations (e.g., GDPR, CCPA) and their impact on security engineering.
Experience within Cyber Security is preferred with a good understanding of industry frameworks like MITRE ATT&CK, NIST, CIS, etc.
Relevant advanced certifications (e.g., CISSP, CCSP, AWS Certified Security Specialty, GIAC)

What the JD emphasized

AI/ML-driven security analytics
AI-assisted practices within SDLC/toolchain
enterprise-authorized AI capabilities within the work environment
AI-assisted security recommendations

Read full job description

Join a team where you can play a crucial role in shaping the future of a world-renowned company and make a direct and meaningful impact in a space designed for top performers.

As a Senior Lead Security Engineer at JPMorgan Chase within Cybersecurity and Technology Controls, you are an integral part of an agile team that delivers secure, innovative software solutions. You will leverage your deep technical expertise and problem-solving skills to address a diverse array of cybersecurity challenges spanning multiple technology domains, driving significant business impact and shaping the organization’s security posture in a rapidly evolving threat landscape.

This is a hands-on engineering role focused on technical execution, solution delivery, and direct contribution to security engineering projects. This is not a people management or administrative position.

Job Responsibilities

Independently design, build, and implement advanced security solutions across cloud, hybrid, and on-prem environments, ensuring alignment with the latest industry best practices and regulatory requirements.
Actively write code, develop automation, and integrate security controls throughout the software development lifecycle, collaborating with engineering teams to embed security from ideation to deployment.
Facilitate security requirements clarification for multiple networks to enable multi-level security that satisfies organizational needs.
Drive adoption and direct implementation of emerging cybersecurity technologies (e.g., zero trust architectures, container security, AI/ML-driven security analytics) to enhance the organization’s security posture.
Be responsible for triaging based on risk assessments of various threats and managing resources to cover the impact of disruptive events.
Utilize a deep understanding of the threat landscape and risk to build security into products and new features.
Mentor and provide technical guidance to junior engineers through code reviews and knowledge sharing, while remaining an individual contributor.
Collaborate cross-functionally with product, infrastructure, and business teams to ensure security requirements are understood, prioritized, and implemented effectively.
Applies reuse-first, AI-assisted practices within SDLC/toolchain routines to strengthen security testing and control validation, ensuring traceability/auditability and alignment to resiliency and security expectations.
Stay abreast of the latest cybersecurity trends, threat intelligence, and attack techniques, and translate insights into actionable improvements for the organization.
Uses enterprise-authorized AI capabilities within the work environment to accelerate security risk analysis and documentation (e.g., synthesizing threat assessments), validating outputs and ensuring sensitive data is handled appropriately.
Develop and maintain incident response playbooks, and lead post-incident reviews to drive continuous improvement from a technical perspective.

Required Qualifications, Capabilities, and Skills

Obtain 5 plus years of applied training or certification on software engineering concepts
Proven track record in hands-on design, development, and deployment of enterprise-grade security solutions in public cloud environments (AWS, GCP, Azure), with direct experience integrating security controls into cloud-native architectures.
Demonstrated ability to perform comprehensive threat modeling and risk assessments for applications, systems, and architectures using frameworks such as STRIDE, DREAD, or PASTA.
Advanced proficiency in at least one modern programming language (e.g., Python, C/C#, Go, Java) and scripting for automation and security tooling, with a focus on building and deploying solutions.
Deep understanding of secure software development practices, including code review, static/dynamic analysis, and vulnerability remediation across multiple technology domains (cloud, AI/ML, mobile, etc.).
Experience implementing and managing CI/CD pipelines (e.g., Jenkins, GitHub Actions) with integrated security testing and controls.
Expertise in version control systems (e.g., Git, BitBucket) and agile work management tools (e.g., Jira), with a focus on collaborative, cross-functional engineering environments.
Ability to independently solve complex design and functionality challenges, proactively identifying and mitigating security risks with minimal oversight.
Experience working with vendors to assess the sufficiency of their security practices and controls to meet industry standards.
Ability to review and validate AI-assisted security recommendations before adoption, escalating uncertainty and ensuring outcomes align to security, resiliency, and auditability expectations.
Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support security engineering workflows with strong validation habits and awareness of data sensitivity.

Preferred Qualifications, Capabilities, and Skills

Experience with modern security engineering practices, such as infrastructure as code (IaC), DevSecOps, and automated security testing.
Hands-on experience with cloud-native security tools (e.g., AWS Security Hub, Azure Sentinel, GCP Security Command Center) and container orchestration platforms (e.g., Kubernetes).
Active participation in the cybersecurity community, such as contributing to open-source projects, attending or speaking at conferences, or publishing research.
Experience implementing zero trust architectures, micro-segmentation, or advanced identity and access management solutions.
Strong understanding of privacy and data protection regulations (e.g., GDPR, CCPA) and their impact on security engineering.
Experience within Cyber Security is preferred with a good understanding of industry frameworks like MITRE ATT&CK, NIST, CIS, etc.
Relevant advanced certifications (e.g., CISSP, CCSP, AWS Certified Security Specialty, GIAC, OSCP) are highly desirable.
Excellent communication and presentation skills, with the ability to convey complex security concepts to technical and non-technical audiences.
Experience with security automation and orchestration using tools like Terraform, Ansible, or custom scripting.
Prior experience in highly regulated industries (finance, healthcare, etc.).
Willingness to learn and drive to excel.

Join a team where you can play a crucial role in shaping the future of a world-renowned company and make a direct and meaningful impact in a space designed for top performers.

Job Responsibilities

Independently design, build, and implement advanced security solutions across cloud, hybrid, and on-prem environments, ensuring alignment with the latest industry best practices and regulatory requirements.
Actively write code, develop automation, and integrate security controls throughout the software development lifecycle, collaborating with engineering teams to embed security from ideation to deployment.
Facilitate security requirements clarification for multiple networks to enable multi-level security that satisfies organizational needs.
Drive adoption and direct implementation of emerging cybersecurity technologies (e.g., zero trust architectures, container security, AI/ML-driven security analytics) to enhance the organization’s security posture.
Be responsible for triaging based on risk assessments of various threats and managing resources to cover the impact of disruptive events.
Utilize a deep understanding of the threat landscape and risk to build security into products and new features.
Mentor and provide technical guidance to junior engineers through code reviews and knowledge sharing, while remaining an individual contributor.
Collaborate cross-functionally with product, infrastructure, and business teams to ensure security requirements are understood, prioritized, and implemented effectively.
Applies reuse-first, AI-assisted practices within SDLC/toolchain routines to strengthen security testing and control validation, ensuring traceability/auditability and alignment to resiliency and security expectations.
Stay abreast of the latest cybersecurity trends, threat intelligence, and attack techniques, and translate insights into actionable improvements for the organization.
Uses enterprise-authorized AI capabilities within the work environment to accelerate security risk analysis and documentation (e.g., synthesizing threat assessments), validating outputs and ensuring sensitive data is handled appropriately.
Develop and maintain incident response playbooks, and lead post-incident reviews to drive continuous improvement from a technical perspective.

Required Qualifications, Capabilities, and Skills

Obtain 5 plus years of applied training or certification on software engineering concepts
Proven track record in hands-on design, development, and deployment of enterprise-grade security solutions in public cloud environments (AWS, GCP, Azure), with direct experience integrating security controls into cloud-native architectures.
Demonstrated ability to perform comprehensive threat modeling and risk assessments for applications, systems, and architectures using frameworks such as STRIDE, DREAD, or PASTA.
Advanced proficiency in at least one modern programming language (e.g., Python, C/C#, Go, Java) and scripting for automation and security tooling, with a focus on building and deploying solutions.
Deep understanding of secure software development practices, including code review, static/dynamic analysis, and vulnerability remediation across multiple technology domains (cloud, AI/ML, mobile, etc.).
Experience implementing and managing CI/CD pipelines (e.g., Jenkins, GitHub Actions) with integrated security testing and controls.
Expertise in version control systems (e.g., Git, BitBucket) and agile work management tools (e.g., Jira), with a focus on collaborative, cross-functional engineering environments.
Ability to independently solve complex design and functionality challenges, proactively identifying and mitigating security risks with minimal oversight.
Experience working with vendors to assess the sufficiency of their security practices and controls to meet industry standards.
Ability to review and validate AI-assisted security recommendations before adoption, escalating uncertainty and ensuring outcomes align to security, resiliency, and auditability expectations.
Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support security engineering workflows with strong validation habits and awareness of data sensitivity.

Preferred Qualifications, Capabilities, and Skills

Experience with modern security engineering practices, such as infrastructure as code (IaC), DevSecOps, and automated security testing.
Hands-on experience with cloud-native security tools (e.g., AWS Security Hub, Azure Sentinel, GCP Security Command Center) and container orchestration platforms (e.g., Kubernetes).
Active participation in the cybersecurity community, such as contributing to open-source projects, attending or speaking at conferences, or publishing research.
Experience implementing zero trust architectures, micro-segmentation, or advanced identity and access management solutions.
Strong understanding of privacy and data protection regulations (e.g., GDPR, CCPA) and their impact on security engineering.
Experience within Cyber Security is preferred with a good understanding of industry frameworks like MITRE ATT&CK, NIST, CIS, etc.
Relevant advanced certifications (e.g., CISSP, CCSP, AWS Certified Security Specialty, GIAC, OSCP) are highly desirable.
Excellent communication and presentation skills, with the ability to convey complex security concepts to technical and non-technical audiences.
Experience with security automation and orchestration using tools like Terraform, Ansible, or custom scripting.
Prior experience in highly regulated industries (finance, healthcare, etc.).
Willingness to learn and drive to excel.