JPMorgan Chase & : JPM) is a leading Functional financial services firm with assets of > $2 trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
The Cybersecurity & Technology Controls (CTC) group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls, and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm protected, stable and resilient.
This role is within the CTC Product Security team aligned to the Atlas Public Cloud platform within AWS. As a Cloud Security Engineer, your primary responsibility will be to ensure that Public Cloud is adopted in a secure and compliant manner. You will play an important role in identifying and managing risk related issues and actions with respective technology. You will have an eye for detail and an ability to see the big picture across security issues.
Responsibilities:
• Support the execution and enhancement of a long-term information risk and control strategy designed to keep the information assets of the public cloud secure.
• Deliver threat models and risk-based assessments of secure technology controls relating to cloud services, cloud platforms and architectural components.
• Support business technology teams to understand firm control requirements and implementations across a broad range of cloud architectures.
• Perform security reviews of infrastructure-as-code for cloud platform development.
• Develop preventive and detective controls to enforce control requirements.
• Contribute to documentation and agile processes in support of security programs.
• Interface with wider CTC teams ensuring platform integration with security operations, threat intelligence, IAM and network security.
Preferred Skills:
• Keen desire to understand and secure public cloud technology.
• Eagerness to collaborate in a team, and comfortable in both virtual and office environments.
• Self-disciplined, self-managed, self-motivated and strong sense of ownership, urgency, and drive.
• Excellent verbal and written communication skills, including the ability to effectively participate in discussions and meetings with internal management, peer groups, regulators, and senior stakeholders.
• Ability to prioritize and work under stringent timelines.
• Experience with threat modeling, discovery, vulnerability, and penetration testing
• AWS, Azure, or Google Cloud certifications would be an advantage.
• Hands on experience of developing, engineering, or architecting within a public cloud environment would be an advantage.
• Experience engineering with Terraform or infrastructure-as-code would be an advantage.
• Understanding of DevOps or CI/CD concepts would be an advantage.