JPMorgan Chase - Palo Alto, CA
posted 20 days ago
Full-time
Palo Alto, CA
Credit Intermediation and Related Activities
About the position
As a Lead Security Engineer specializing in Cryptography at JPMorgan Chase, you will play a pivotal role in delivering secure software solutions. This position involves working within the Emerging Technologies Security group to leverage innovative cryptography, solve complex security challenges, and support the deployment of cryptography-based solutions. You will collaborate with cryptographers and security engineers to enhance software security and protect sensitive data.
Responsibilities
- Assess existing cryptographic libraries
- Evaluate existing crypto-agile approaches and tools, helping to define and implement JPMC-centric solutions
- Define and develop tools or libraries for cryptography services
- Review architecture documents for security services
- Assist with performance impact assessment of post-quantum cryptography implementations
- Conduct source code security reviews
- Communicate ongoing work with other teams or organizations
- Collaborate with cryptographers on specific topics
Requirements
- Formal training or certification on security engineering concepts and 5 years applied experience
- Solid track record of using cryptography software frameworks including Java JCA and/or Bouncy Castle
- Strong understanding in applying mainstream cryptographic primitives, including digital signatures, public-key ciphers, and block ciphers
- Strong understanding of network security protocols (TLS, SSH, IPsec, etc.)
- Strong track record in software development, with experience working with tools like Github, Junit, Maven, Jenkins, CI/CD
- Proficiency in Java; familiarity with other programming languages like Go, C/C++, Python, C#, JavaScript, or shell scripting is beneficial
- Good knowledge of public key infrastructure (PKI) and digital certificates (e.g., X.509)
- Experience in security solution development utilizing cryptographic agility principles
- Ability to convey complex concepts and ideas clearly to a wide audience
- Proven track record in working with diverse teams to achieve goals
- Experience driving enterprise-wide transformative security technology initiatives
Nice-to-haves
- Familiarity with upcoming NIST post-quantum cryptography standards and related migration efforts
- Basic knowledge of cryptanalysis, crypto system threat modeling and analysis
- NIST key management best practices
- Technology security certifications, e.g., FIPS 140-2/3, Common Criteria, PCI
- Experience with AWS and Docker
- Engineering and managing cryptographic systems for enterprise applications and infrastructure
- MS or BS in computer science, preferably with a focus on security and/or cryptography
