DescriptionTake on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies.
As a Lead Security Engineer- Cryptography you will help leverage innovative cryptography at JPMorgan Chase. As a member of the Emerging Technologies Security group within the Cybersecurity & Technology Controls organization, you will work alongside cryptographers and a group of passionate security engineers to solve complex security problems and support the deployment of cryptography-based solutions.
The position requires extensive software development experience and strong industry experience in combining cryptography and security best-practices to secure complex IT infrastructure, customer-facing services, and sensitive customer and enterprise data.
Job responsibilities
- Assess existing cryptographic libraries
- Evaluate existing crypto-agile approaches and tools - help define and implement JPMC-centric solutions
- Define and develop tools or libraries for cryptography services
- Review architecture document for security services
- Assist with performance impact assessment of post-quantum cryptography implementations
- Conduct source code security review
- Communicate ongoing work with other teams or organizations
- Collaborate with cryptographers on specific topics
Required qualifications, capabilities, and skills
- Formal training or certification on security engineering concepts and 5+ years applied experience
- Solid track record of using cryptography software frameworks including, but not limited to, Java JCA and/or Bouncy Castle
- Strong understanding in applying mainstream cryptographic primitives, including digital signatures, public-key ciphers, block ciphers
- Strong understanding of network security protocols (TLS, SSH, IPsec etc.)
- Strong track record in software development, with experience working with tools like Github, Junit, Maven, Jenkins, CI/CD
- Proficiency in Java. Other programming languages like Go, C/C++, Python, C#, JavaScript or shell scripting good to have
- Good knowledge of public key infrastructure (PKI) and digital certificates (e.g., X.509)
- Security solution development utilizing cryptographic agility principles
- Ability to convey complex concepts and ideas in a clear and concise manner to a wide range of audience
- Proven track record in working with diverse teams to achieve goals
- Driving enterprise-wide transformative security technology initiatives
Preferred qualifications, capabilities, and skills
- Familiarity with upcoming NIST post-quantum cryptography standards and related migration efforts
- Basic knowledge on cryptanalysis, crypto system threat modeling and analysis
- NIST key management best practices
- Technology security certifications, e.g., FIPS 140-2/3, Common Criteria, PCI
- AWS, Docker
- Engineering and managing cryptographic systems for enterprise applications and infrastructure
- MS or BS in computer science, preferably with a focus on security and/or cryptography