Lead Security Engineer
Role details
Job location
Tech stack
Job description
Join us and shape the future of secure software delivery. As a Lead Security Engineer, you'll work at the intersection of security and platform engineering, designing impactful solutions that enable teams to move fast while managing risk. You'll collaborate with talented squads, contribute to a culture that values unique perspectives, and foster growth, impact, and innovation. This is your opportunity to make a difference and advance your career in a dynamic, engineering-led environment. We're committed to helping you thrive and grow.
As a Lead Security Engineer at JPMorgan Chase in the Platform team, you will embed security into engineering workflows and deliver scalable, engineering solutions. You'll work at the intersection of security and platform engineering, actively designing, building, and implementing security capabilities. Your role is hands-on, collaborating with squads to reduce platform risk and enable secure software delivery. You'll help shape a modern, engineering-led approach to security, empowering teams to move fast while managing risk. Our culture values unique perspectives and fosters growth, impact, and innovation., * Design, build, and operate scalable security capabilities integrated into engineering workflows
- Embed security into the software development lifecycle by implementing automated controls
- Improve software supply chain security through SBOM generation and dependency visibility
- Analyze and enrich vulnerability data with contextual information for effective remediation
- Provide actionable insights and guidance to engineering teams to address security issues
- Collaborate with platform and product engineering teams to drive secure development practices
- Identify and assess security risks in runtime and cloud environments, supporting remediation
- Support the development and operation of runtime security tooling for production risk visibility
- Contribute to security incident response activities, including triage and investigation
- Develop and maintain incident response processes, runbooks, and detection capabilities
- Work with risk, governance, and control teams to support reporting and compliance
Requirements
- Hands-on experience in software, platform, or cloud engineering roles deploying systems in public cloud environments
- Strong ability to design and implement security controls within engineering workflows, especially CI/CD pipelines
- Proficiency in at least one programming or scripting language for automation and integration
- Solid understanding of the Software Development Life Cycle and integrating security practices
- Experience applying security testing and controls within CI/CD pipelines
- Familiarity with cloud-native technologies, including containerization and orchestration platforms
- Strong analytical and problem-solving skills to deliver practical security solutions
- Good understanding of modern engineering practices, including CI/CD, system resilience, and secure software delivery, * Experience in platform security, DevSecOps, or engineering-led security teams
- Familiarity with security tools such as Snyk and Wiz
- Knowledge of software supply chain security concepts, including SBOM, SLSA, and dependency management
- Cloud certifications, preferably GCP (e.g., Professional Cloud Architect, Professional DevOps Engineer)
- Experience operating in large-scale enterprise environments within regulated industries
- Ability to communicate technical risks clearly to engineering teams and senior stakeholders
