What are the responsibilities and job description for the Lead Security Engineer- Storage position at JPMorgan Chase?
Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions.
As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Technology Controls you will oversee the security of our Storage product line, with a primary focus on File products. This role is responsible for ensuring the security posture of file storage solutions through rigorous review, threat modeling, security configuration management, and drift detection. The ideal candidate will have deep expertise in storage security, threat analysis, and enterprise security best practices.
Job responsibilities
- Lead the security strategy, implementation, and ongoing management for all file storage products within the Storage product line.
- Conduct comprehensive security reviews of file storage solutions, identifying vulnerabilities and recommending remediation strategies.
- Define, implement, and manage security configurations for file storage products, ensuring alignment with JPMC security standards and industry best practices.
- Work closely with product owners, engineering teams, and other stakeholders to embed security into the product lifecycle and provide expert guidance.
- Stay current with emerging threats, technologies, and best practices in storage security. Drive continuous improvement initiatives for the security of file products.
- Adds to team culture of diversity, opportunity, inclusion, and respect
Required qualifications, capabilities, and skills
- Formal training or certification on security concepts and 5 years applied experience in security engineering, with a focus on storage and file products.
- Strong expertise in threat modeling, vulnerability assessment, and security configuration management.
- Experience with drift detection tools and methodologies.
- Deep understanding of file storage technologies (NAS, SAN, cloud file storage, etc.).
- Familiarity with regulatory requirements and compliance frameworks (e.g., SOX, PCI-DSS, GDPR).
Excellent analytical, problem-solving, and communication skills.
Preferred qualifications, capabilities, and skills
- Experience with automation and scripting (Python, PowerShell, etc.).
- Knowledge of storage security (AWS, Azure, GCP, Dell Isilon, OnTap, Netapp Solidfire, Dell PowerFlex).
- Experience with security monitoring and incident response tools.
- Experience working in large enterprise environments, preferably in financial services.