Lead Security Engineer - Python/GCP

Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. 

As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity Technology & Controls team, you will drive the design and development of advanced security solutions, with a primary focus on building engineering solutions that enhance the firm’s cloud security posture. This role centers on software engineering, where you will apply a security-first mindset throughout the development lifecycle.

You will architect, develop, and implement robust software systems that proactively defend against misuse, circumvention, and malicious activities. Your work will involve creating tamper-proof, audit-defensible solutions across multiple technical domains, directly contributing to the protection of the firm’s critical assets and data.

In this role, you will provide technical leadership by guiding teams in the delivery of innovative security technologies and engineering solutions that strengthen cloud security. Your expertise will be instrumental in developing resilient cybersecurity frameworks and ensuring our defenses remain strong against emerging threats. You will continuously learn and adapt to the evolving security landscape, maintaining and enhancing the organization’s overall security posture.

Job responsibilities

• Architect, design, and implement advanced security solutions to enhance the organization’s cloud security posture across AWS, Azure, and GCP environments.
• Develop and deploy security policies as code, automating enforcement and remediation to ensure consistent protection in cloud platforms.
• Engineer and maintain automated monitoring frameworks to detect misconfigurations, compliance drift, and emerging threats within cloud environments.
• Collaborate with cross-functional teams to conduct risk assessments, identify vulnerabilities, and drive prioritized remediation through technical solutions.
• Partner with Cloud Security leads to embed security into every phase of cloud service development and deliver technical training on secure engineering practices.

• Stay current with cloud security technologies, engineering best practices, and industry trends through ongoing learning and participation in professional events.

   

Required qualifications, capabilities, and skills

• Formal training or certification on Software Engineering concepts and 5+ years applied experience.
• Proven expertise in architecting, designing, and implementing software solutions using Python, with a strong emphasis on object-oriented programming (OOP) principles and software engineering best practices.
• Demonstrated ability to approach complex problems with strong design and architectural skills, delivering scalable, maintainable, and robust security engineering solutions.
• Deep understanding of at least one major cloud platform (AWS, Azure, or GCP), with hands-on experience in cloud security controls, compliance frameworks, and automation.
• Solid grasp of cloud security concepts such as identity and access management, network security, encryption, and data protection.
• Strong analytical and problem-solving skills, with the ability to proactively identify, assess, and mitigate security risks in complex, multi-cloud environments.
• Experience with the full Software Development Life Cycle (SDLC), including agile methodologies, CI/CD pipelines, application resiliency, and secure coding practices.
• Effective communication and collaboration skills, with the ability to work cross-functionally and provide technical leadership in a team environment.
• Commitment to continuous learning and staying current with emerging cloud security technologies, trends, and best practices

Preferred qualifications, capabilities, and skills

• Hands on experience with Google Cloud Platform (GCP); expertise in GCP security controls and architecture is a strong plus.
• Experience building AI-driven solutions, with the ability to contribute to AI initiatives in cloud security.
• Good knowledge of industry benchmark Cloud Security Posture Management (CSPM) tools, with the ability to assess, monitor, and improve cloud security configurations.