Job responsibilities
- Acts as the primary point of contact for security-related issues for product and development teams, running applications, platform, and infrastructure services.
- Engages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs.
- Defines the technical target state of their cybersecurity product and drives achievement of the strategy.
- Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall cybersecurity of software applications and systems.
- Leads evaluation sessions with external vendors, startups, and internal teams to drive continuous improvement and assess cybersecurity design and technical credentials for use in existing systems and architecture.
- Conducts security architecture reviews and threat models to identify vulnerabilities and recommend solutions.
- Performs smart contract audits and provides remediation recommendations aligned to Blockchain/Web3 best practices.
- Leads communities of practice to drive awareness and use of new and leading-edge cybersecurity technologies.
- Evaluates current and emerging technologies to recommend the best solutions for the future state architecture.
Required qualifications, capabilities, and skills
- Formal training or certification on software/systems engineering concepts and 5+ years applied experience.
- Experience with Blockchain security and the different threats applicable to private, private-permissioned, and public Blockchains.
- Proficiency in at least one cybersecurity domain, and working knowledge of multiple, e.g., Identity and Access Management, Network Security, Application Security.
- Good familiarity with various threat modelling methodologies, e.g., STRIDE, PASTA, attack trees
- Demonstrated experience utilizing OWASP Top 10, MITRE ATT&CK, STIX, etc. to assess the impact and severity of vulnerabilities and weaknesses to the business.
- Strong understanding of smart contracts, smart contract common vulnerabilities, and security development patterns applied to smart contracts.
- Hands-on practical experience delivering enterprise-level cybersecurity solution architecture and recommending appropriate compensating controls.
- Background in conducting threat models or risk assessments for Web3/Blockchain projects.
- Experience with one or more scripting or programming languages, e.g., Bash, Python, Go, Kotlin, Java
- Proficiency in all aspects of the Software Development Life Cycle
- Practical cloud native experience, such as AWS Services
Preferred qualifications, capabilities, and skills
- Good knowledge of Ethereum and EVM-compatible networks (both permissioned and public networks)
- Proficiency in Go and/or Rust with in-depth expertise in the languages, their internals and pitfalls, as well as their tooling ecosystem for security tooling automation and enhancements
- Familiarity with ZKP concepts and relevant protocols, e.g., zk-SNARKs, zk-STARKs, Bulletproofs
- Automated testing proficiency is desired, e.g., experience working with fuzzers, including building harnesses and rules.
- Advanced understanding of agile methodologies such as continuous integration and delivery, application resiliency, and security