Head of Security - Principal Engineer
JP Morgan
Location: Greater London
Job Type: Full time
Posted
Our team is at the heart of building this new venture. We have created a new organization and we are looking for solution-oriented, commercially minded, client-focused engineers, used to working in a true agile environment who want to be a part of something new, built from the ground up as a green-field with zero legacy initiative within a global, diverse and inclusive team.
Culture is as important to us and we are looking for intellectually curious, new technology passionate individuals who would like to expand their skills whilst working on a new exciting venture for the firm. Your work will have a direct impact to our customers as our business expands around the world.
This is a hands-on role for a Head of Security Lead whowants to be part of flat-structure organization andinfluence the design & developmentof a green-field initiative. As a part of delivering end-to-end cutting-edge solutions in the form of cloud-native microservices architecture applications leveraging the latest technologies and the best industry practices, your responsibilities will include
- Understanding complex regulatory and internal security requirements and be able to advise on implementation options
- Guiding & defining the security practices & standards end-to-end, covering external connectivity and internal service communication
- Interacting with 3rd party vendors on security-related aspects during onboarding
- Interacting with senior internal stakeholders - internal auditors, firmwide controls, etc
- Review & constantly improve existing security practices and standards
Your technical skills should include
- Experience in an engineering role with heavy focus on security
- Experience with at least 1 high-level programming language (Java, Python, etc)
- Good understanding of modern SDLC practices and security aspects & tools of CI/CD pipelines (code scanning, container scanning)
- Excellent knowledge of security best practices at different stages of the development lifecycle
- Excellent knowledge of methods for authentication, authorization and encryption (AuthN/Z, JWT, RBAC, TLS, OAuth2)
- Understanding of applied cryptography - understanding of symmetric/asymmetric cryptography
- Practical experience with TLS certificates setup
- Understanding of security vulnerabilities and remediation options
- Excellent knowledge of all of the above concepts in the context of at least one (ideally more!) public cloud provider (AWS,GCP,Azure)
- Nice to have: knowledge of security/identity SaaS vendors (Okta, Auth0)
Your soft skills should include
- Ability to work in a collaborative environment and coach other team members on coding practices, design principles, and implementation patterns that lead to high-quality maintainable solutions.
- Ability to work in a dynamic, agile environment within a geographically distributed team
- Ability to focus on promptly addressing client and business needs
- Ability to work within a diverse and inclusive team
- Technically curious, versatile and solution oriented