
at J.P. Morgan
Bulge Bracket Investment BanksPosted 4 days ago
No clicks
**Lead Security Engineer - Red Team**: Drive secure software solutions at JPMorgan Chase, using your senior-level expertise in cloud-native AI services and security. Lead the development of secure-by-design AI-enabled systems, conduct adversarial testing, and collaborate across teams to enhance security strategies. Key responsibilities include: designing secure architectures, threat modeling, red teaming methodologies, and working with enterprise-authorized AI capabilities. Proficient in Python, Terraform, and cloud-native AI services, with experience in threat modeling and IAM concepts. Foster inclusive teams and manage release cycles.
- Compensation
- Not specified USD
- City
- Not specified
- Country
- United States
Currency: $ (USD)
Full Job Description
Location: Plano, TX, United States
Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies. As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Technology Controls for AI/ML, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions.
Job Responsibilities
- Design, develop, and deploy enterprise-scale software applications and services, solving business problems through strong software engineering practices with a focus on secure-by-design, adversarial resilient AI-enabled systems.
- Participate in all SDLC phasesrequirements analysis, solution design, documentation, implementation, testing, performance tuning, automation, production/non-production support, and release managementincorporating enterprise architecture standards into application designs.
- Translate functional and technical requirements into high-quality application modules and microservices, and develop secure, high-quality production code for both AI and non-AI components aligned to predefined architectural specifications. Design secure AI and software architectures, and conduct design and code reviews that challenge assumptions and validate security, quality, maintainability, and adversarial resilience.
- Develop and enhance security strategies and red teaming programsdefining AI red teaming methodologies, playbooks, and success metricswhile troubleshooting technical issues and creating scalable solutions. Conduct discovery, threat modeling, and adversarial testing on generative AI, RAG pipelines, and ML systems to identify vulnerabilities such as prompt injection, jailbreaking, data poisoning, and data leakage.
- Reduce AI/LLM vulnerabilities by adhering to industry standards and emerging AI safety research, evolving policies, testing protocols, and controls, and providing guidance on secure design, logging, monitoring, and compensating controls. Write unit/integration test cases and establish robust CI/CD quality gates, and handle production and non-production support by troubleshooting issues and improving operational readiness through monitoring, logging, and reliability enhancements.
- Lead evaluation sessions with external vendors, researchers, standards bodies, and internal platform/cloud security teams to probe designs, ensure secure infrastructure configuration, and bring emerging AI threat best practices into the organization.
- Collaborate directly with stakeholders across product, data science, cyber, legal, and risk to analyze requirements and recommend modifications during heightened vulnerability or regulatory change; manage backlog documentation and release management across environments; and foster a cross-functional team culture of diversity, equity, inclusion, and respect.
- Uses enterprise-authorized AI capabilities within the work environment to accelerate threat modeling, vulnerability analysis synthesis, and security documentation, validating outputs and ensuring sensitive data is handled appropriately.
- Applies reuse-first, AI-assisted practices within SDLC/toolchain routines to strengthen security testing and control validation, ensuring traceability/auditability and alignment to resiliency and security expectations.
Required Qualifications, Capabilities, and Skills
- Formal training or certification in Public Cloud environment concepts and advanced hands-on experience with cloud-native AI services (e.g., Bedrock).
- Experience with threat modeling, discovery, vulnerability, and penetration testing (e.g., MITRE ATLAS, OWASP Top 10 for LLMs) and foundational cybersecurity concepts such as IAM, Authentication, OIDC, SAML.
- Practical experience with Infrastructure as Code (IaC) solutions like Terraform and CloudFormation.
- Proficiency in Python scripting.
- Strong understanding of AI/ML concepts and trends, with knowledge of AI red teaming foundational concepts to design and implement exercises for complex AI architectures.
Ability to conceptualize, design, validate, and communicate creative technical solutions to enterprise-level security problems, including building internal tools, dashboards, and automation for red teaming activities.
Preferred Qualifications, Capabilities, and Skills
- Expertise in planning, designing, and implementing AI red teaming exercises and enterprise-level security solutions for generative AI, LLMs, and ML systems.
- Experience with specialized AI security/red teaming tools and frameworks (e.g., PyRIT, Garak, custom LLM evaluation harnesses) and contributions to AI security or open-source security projects
#CTC




