LOG IN
SIGN UP
Canary Wharfian - Online Investment Banking & Finance Community.
Sign In
or continue with e-mail and password
Forgot password?
Don't have an account?
Create an account
or continue with e-mail and password
By signing up, you agree to our Terms & Conditions and Privacy Policy.

Security Engineer II -SAAS

ExperiencedNo visa sponsorship
J.P. Morgan logo

at J.P. Morgan

Bulge Bracket Investment Banks

Posted 3 days ago

No clicks

**Security Engineer II - SaaS** - Seattle, WA: Design & build Java services ingesting high-volume SaaS security telemetry. Engineer event processing pipelines, platform auth & authorization, and actionable detections. 1-3 years of Java proficiency and backend system-building experience required, with a focus on secure software development and stream processing. Drive operational excellence and collaborate with teams to deliver security posture insights. Preferred: experience with auth services, streaming platforms, and cloud infrastructure.

Compensation
Not specified USD

Currency: $ (USD)

City
Seattle
Country
United States

Full Job Description

Location: Seattle, WA, United States

We are looking for a Security Engineer to build a security platform to secure the firm's usage of SaaS platforms.  The platform will monitor security posture and threat signals from SaaS vendors and apply various detection models to analyze the data.  This platform will support real-time analytics and scale to the increasing demands of usage across the company. This is a hands-on role for an engineer who enjoys building high-scale, event-driven systems and applying secure-by-design and trustworthy computing principles into everything they ship. 

Job Responsibilities 

  • Build Java-based services that ingest, validate, normalize, and enrich high-volume security telemetry from SaaS vendors (e.g., posture signals, audit/admin events). 
  • Design and operate event processing pipelines with strong correctness properties (deduplication, idempotency, retries, replay/backfill, schema evolution). 
  • Develop platform authentication and authorization capabilities (service identity, token lifecycle, least privilege, policy enforcement, audit logging). 
  • Partner with security and engineering teams to deliver actionable detections and posture insights, and to onboard new SaaS integrations efficiently. 
  • Drive operational excellence: observability, performance, reliability/SLOs, incident readiness, and automation. 
  • Establishes portfolio-level guardrails for AI-assisted workflows used in cybersecurity architecture and governance, ensuring traceability/auditability and alignment to security and resiliency expectations.
  • Leads reuse-first adoption of enterprise-authorized AI capabilities within the work environment to accelerate cybersecurity architecture analysis, portfolio-level option evaluation, and delivery of strategic solutions, with human-in-the-loop validation and appropriate handling of sensitive data.

Required qualifications, capabilities, and skills

  • Formal training or certification with 1-3 years building production backend systems; strong proficiency in Java. 
  • Experience building streaming / event-driven architectures at scale and handling large data volumes. 
  • Proven track record developing secure software end-to-end (secure coding, threat modeling, dependency hygiene, vulnerability remediation). 
  • Solid fundamentals in designing/building systems that are security focused (e.g. implementing authentication/authorization, least privilege, and auditability). 
  • Strong ownership mindset and ability to collaborate across engineering and security stakeholders. 
  • Demonstrated experience leading safe adoption of enterprise-authorized AI capabilities within the work environment across cybersecurity architecture workflows, including validation practices and awareness of data sensitivity.
  • Ability to assess and validate AI-assisted security recommendations and AI-enabled architecture patterns before adoption, escalating uncertainty and ensuring outcomes align to security, resiliency, and auditability expectations.

Preferred qualifications, capabilities, and skills

  • Experience with authentication services and modern identity patterns (OIDC/OAuth2 concepts, JWT handling, mTLS, key/cert rotation). 
  • Streaming platform expertise (Kafka-like systems, consumer group patterns, DLQs, processing guarantees tradeoffs). 
  • SaaS vendor security integrations (audit log/admin APIs, rate limits, connector frameworks). 
  • Cloud infrastructure experience (containers, infrastructure-as-code) and secure deployment patterns. 

 

#CTC

The Security Software Engineer II is responsible for building the technical infrastructure, automation, and continuous guardrails required to secure data, cloud environments, and artificial intelligence workloads. You will bridge the gap between software development and cybersecurity, ensuring applications and the firm are secure by design.

Security Engineer II -SAAS

Compensation

Not specified USD

City: Seattle

Country: United States

J.P. Morgan logo
Bulge Bracket Investment Banks

3 days ago

No clicks

at J.P. Morgan

ExperiencedNo visa sponsorship

**Security Engineer II - SaaS** - Seattle, WA: Design & build Java services ingesting high-volume SaaS security telemetry. Engineer event processing pipelines, platform auth & authorization, and actionable detections. 1-3 years of Java proficiency and backend system-building experience required, with a focus on secure software development and stream processing. Drive operational excellence and collaborate with teams to deliver security posture insights. Preferred: experience with auth services, streaming platforms, and cloud infrastructure.

Full Job Description

Location: Seattle, WA, United States

We are looking for a Security Engineer to build a security platform to secure the firm's usage of SaaS platforms.  The platform will monitor security posture and threat signals from SaaS vendors and apply various detection models to analyze the data.  This platform will support real-time analytics and scale to the increasing demands of usage across the company. This is a hands-on role for an engineer who enjoys building high-scale, event-driven systems and applying secure-by-design and trustworthy computing principles into everything they ship. 

Job Responsibilities 

  • Build Java-based services that ingest, validate, normalize, and enrich high-volume security telemetry from SaaS vendors (e.g., posture signals, audit/admin events). 
  • Design and operate event processing pipelines with strong correctness properties (deduplication, idempotency, retries, replay/backfill, schema evolution). 
  • Develop platform authentication and authorization capabilities (service identity, token lifecycle, least privilege, policy enforcement, audit logging). 
  • Partner with security and engineering teams to deliver actionable detections and posture insights, and to onboard new SaaS integrations efficiently. 
  • Drive operational excellence: observability, performance, reliability/SLOs, incident readiness, and automation. 
  • Establishes portfolio-level guardrails for AI-assisted workflows used in cybersecurity architecture and governance, ensuring traceability/auditability and alignment to security and resiliency expectations.
  • Leads reuse-first adoption of enterprise-authorized AI capabilities within the work environment to accelerate cybersecurity architecture analysis, portfolio-level option evaluation, and delivery of strategic solutions, with human-in-the-loop validation and appropriate handling of sensitive data.

Required qualifications, capabilities, and skills

  • Formal training or certification with 1-3 years building production backend systems; strong proficiency in Java. 
  • Experience building streaming / event-driven architectures at scale and handling large data volumes. 
  • Proven track record developing secure software end-to-end (secure coding, threat modeling, dependency hygiene, vulnerability remediation). 
  • Solid fundamentals in designing/building systems that are security focused (e.g. implementing authentication/authorization, least privilege, and auditability). 
  • Strong ownership mindset and ability to collaborate across engineering and security stakeholders. 
  • Demonstrated experience leading safe adoption of enterprise-authorized AI capabilities within the work environment across cybersecurity architecture workflows, including validation practices and awareness of data sensitivity.
  • Ability to assess and validate AI-assisted security recommendations and AI-enabled architecture patterns before adoption, escalating uncertainty and ensuring outcomes align to security, resiliency, and auditability expectations.

Preferred qualifications, capabilities, and skills

  • Experience with authentication services and modern identity patterns (OIDC/OAuth2 concepts, JWT handling, mTLS, key/cert rotation). 
  • Streaming platform expertise (Kafka-like systems, consumer group patterns, DLQs, processing guarantees tradeoffs). 
  • SaaS vendor security integrations (audit log/admin APIs, rate limits, connector frameworks). 
  • Cloud infrastructure experience (containers, infrastructure-as-code) and secure deployment patterns. 

 

#CTC

The Security Software Engineer II is responsible for building the technical infrastructure, automation, and continuous guardrails required to secure data, cloud environments, and artificial intelligence workloads. You will bridge the gap between software development and cybersecurity, ensuring applications and the firm are secure by design.