Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies.
As a Lead Security Engineer- Cryptography you will help leverage innovative cryptography at JPMorgan Chase. As a member of the Emerging Technologies Security group within the Cybersecurity & Technology Controls organization, you will work alongside cryptographers and a group of passionate security engineers to solve complex security problems and support the deployment of cryptography-based solutions.
The position requires extensive software development experience and strong industry experience in combining cryptography and security best-practices to secure complex IT infrastructure, customer-facing services, and sensitive customer and enterprise data.
Job responsibilities
Assess existing cryptographic libraries Evaluate existing crypto-agile approaches and tools - help define and implement JPMC-centric solutions Define and develop tools or libraries for cryptography services Review architecture document for security services Assist with performance impact assessment of post-quantum cryptography implementations Conduct source code security review Communicate ongoing work with other teams or organizations Collaborate with cryptographers on specific topics
Required qualifications, capabilities, and skills
Formal training or certification on security engineering concepts and 5+ years applied experience Solid track record of using cryptography software frameworks including, but not limited to, Java JCA and/or Bouncy Castle Strong understanding in applying mainstream cryptographic primitives, including digital signatures, public-key ciphers, block ciphers Strong understanding of network security protocols (TLS, SSH, IPsec etc.) Strong track record in software development, with experience working with tools like Github, Junit, Maven, Jenkins, CI/CD Proficiency in Java. Other programming languages like Go, C/C++, Python, C#, JavaScript or shell scripting good to have Good knowledge of public key infrastructure (PKI) and digital certificates (e.g., X.509) Security solution development utilizing cryptographic agility principles Ability to convey complex concepts and ideas in a clear and concise manner to a wide range of audience Proven track record in working with diverse teams to achieve goals Driving enterprise-wide transformative security technology initiatives
Preferred qualifications, capabilities, and skills
Familiarity with upcoming NIST post-quantum cryptography standards and related migration efforts Basic knowledge on cryptanalysis, crypto system threat modeling and analysis NIST key management best practices Technology security certifications, e.g., FIPS 140-2/3, Common Criteria, PCI AWS, Docker Engineering and managing cryptographic systems for enterprise applications and infrastructure MS or BS in computer science, preferably with a focus on security and/or cryptography