
at J.P. Morgan
Bulge Bracket Investment BanksPosted 3 days ago
No clicks
**Security Engineer II - SaaS** - Seattle, WA: Design & build Java services ingesting high-volume SaaS security telemetry. Engineer event processing pipelines, platform auth & authorization, and actionable detections. 1-3 years of Java proficiency and backend system-building experience required, with a focus on secure software development and stream processing. Drive operational excellence and collaborate with teams to deliver security posture insights. Preferred: experience with auth services, streaming platforms, and cloud infrastructure.
- Compensation
- Not specified USD
- City
- Seattle
- Country
- United States
Currency: $ (USD)
Full Job Description
Location: Seattle, WA, United States
We are looking for a Security Engineer to build a security platform to secure the firm's usage of SaaS platforms. The platform will monitor security posture and threat signals from SaaS vendors and apply various detection models to analyze the data. This platform will support real-time analytics and scale to the increasing demands of usage across the company. This is a hands-on role for an engineer who enjoys building high-scale, event-driven systems and applying secure-by-design and trustworthy computing principles into everything they ship.
- Build Java-based services that ingest, validate, normalize, and enrich high-volume security telemetry from SaaS vendors (e.g., posture signals, audit/admin events).
- Design and operate event processing pipelines with strong correctness properties (deduplication, idempotency, retries, replay/backfill, schema evolution).
- Develop platform authentication and authorization capabilities (service identity, token lifecycle, least privilege, policy enforcement, audit logging).
- Partner with security and engineering teams to deliver actionable detections and posture insights, and to onboard new SaaS integrations efficiently.
- Drive operational excellence: observability, performance, reliability/SLOs, incident readiness, and automation.
- Establishes portfolio-level guardrails for AI-assisted workflows used in cybersecurity architecture and governance, ensuring traceability/auditability and alignment to security and resiliency expectations.
- Leads reuse-first adoption of enterprise-authorized AI capabilities within the work environment to accelerate cybersecurity architecture analysis, portfolio-level option evaluation, and delivery of strategic solutions, with human-in-the-loop validation and appropriate handling of sensitive data.
- Formal training or certification with 1-3 years building production backend systems; strong proficiency in Java.
- Experience building streaming / event-driven architectures at scale and handling large data volumes.
- Proven track record developing secure software end-to-end (secure coding, threat modeling, dependency hygiene, vulnerability remediation).
- Solid fundamentals in designing/building systems that are security focused (e.g. implementing authentication/authorization, least privilege, and auditability).
- Strong ownership mindset and ability to collaborate across engineering and security stakeholders.
- Demonstrated experience leading safe adoption of enterprise-authorized AI capabilities within the work environment across cybersecurity architecture workflows, including validation practices and awareness of data sensitivity.
- Ability to assess and validate AI-assisted security recommendations and AI-enabled architecture patterns before adoption, escalating uncertainty and ensuring outcomes align to security, resiliency, and auditability expectations.
- Experience with authentication services and modern identity patterns (OIDC/OAuth2 concepts, JWT handling, mTLS, key/cert rotation).
- Streaming platform expertise (Kafka-like systems, consumer group patterns, DLQs, processing guarantees tradeoffs).
- SaaS vendor security integrations (audit log/admin APIs, rate limits, connector frameworks).
- Cloud infrastructure experience (containers, infrastructure-as-code) and secure deployment patterns.
#CTC
The Security Software Engineer II is responsible for building the technical infrastructure, automation, and continuous guardrails required to secure data, cloud environments, and artificial intelligence workloads. You will bridge the gap between software development and cybersecurity, ensuring applications and the firm are secure by design.



