The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls, and resiliency teams. The team under the group focuses on cybersecurity in Public Clouds. We proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls in Public Cloud Environments. 

As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Technology Controls group, you will help build solutions relating to Cloud Environment Governance and Protection, Auditing, Monitoring, Remediation, and Reporting. You will help develop software solutions to ensure a secure Public Cloud environment and implement sufficient controls to safeguard and protect resources in Public Clouds.

Job Responsibilities

• Engage and improve the whole lifecycle of services - from inception and design through deployment, operation and refinement
• Develop and build solutions relating to Cloud Environment Governance and Protection, Auditing, Monitoring, Remediation and Reporting 
• Design, develop and improve services to scale as the firm's cloud usage grows 
• Develop, test, deploy, maintain and enhance software/tooling solutions
• Manage individual project priorities, deadlines and deliverables
• Conduct system design and code reviews, ensuring adherence to best practices and security standards.
• Champion engineering and operational excellence across cloud security initiatives.
• Lead stakeholder engagement, communicate technical designs, and secure buy-in for security solutions.

• Mentor and guide junior engineers, fostering a culture of continuous learning and improvement.

  Required qualifications, capabilities and skills

• Bachelor’s degree in Computer Science or related field, or equivalent practical experience.
• Extensive experience architecting and developing cloud-native security solutions using GCP services or AWS (e.g., IAM,  VPC, Serverless, BigQuery, DynamoDB, Pub/Sub etc.).
• Strong proficiency in Infrastructure as Code (IaC) tools, especially Terraform (GCP modules).
• Experience developing enterprise-grade software, with proficiency in Python and other relevant languages.
• Hands-on experience with CI/CD pipelines and tools (e.g., GitHub, Jenkins) in cloud environments.
• Experience with Agile development methodologies.
• Excellent verbal and written communication skills, with the ability to articulate complex technical concepts to diverse audiences.
• Demonstrated ability to quickly learn and adapt to new cloud architectures and technologies.
• Analytical skills to interpret system metrics and data for actionable insights.
• Strategic thinker with a focus on long-term technical health and minimizing future tech debt.
• Ability to work independently and collaboratively, building strong relationships across teams.

Preferred qualifications, capabilities and skills

• Knowledge of cybersecurity principles and practices.
• Experience with other public cloud platforms GCP or AWS
• Hands-on experience with container security (Kubernetes, GKE).
• Relevant cloud certifications, such as Google Professional Cloud Security Engineer, Google Professional Cloud Architect, or AWS/Azure equivalents.
• Understanding of cloud security best practices, compliance frameworks, and risk management in GCP.
• Proven ability to conceptualize, design, validate, and implement innovative solutions to complex security challenges.