Play a vital role in shaping the future of an iconic company and make a direct impact in a dynamic environment designed for top achievers.

As a Principal Cybersecurity Architect at JPMorgan Chase within the Cybersecurity & Tech Controls team, you are an integral part of a team that works to develop high-quality cybersecurity solutions for various software applications and platform products. Drive significant business impact through your capabilities and contributions, and apply deep technical expertise and problem-solving methodologies to tackle a diverse array of cybersecurity challenges that span multiple technology domains.

Job responsibilities

• Leads the Threat Modeling Center of Excellence community, driving the strategic vision, development, and implementation of threat modeling practices across the enterprise.

• Collaborates with business, technology, and risk stakeholders to embed threat modeling into the architecture review lifecycle and ensure alignment with organizational security objectives.

• Guides the evaluation of current cybersecurity principals, processes, and controls, and leads the evaluation of new technology using existing standards and frameworks

• Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors .

• Works with stakeholders and senior leaders to recommend business modifications during periods of vulnerability

• Serves as function-wide subject matter expert in one or more areas of focus

• Actively contributes to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Software Development Life Cycle

• Influences peers and project decision-makers to consider the use and application of leading-edge technologies

• Adds to team culture of diversity, opportunity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal training or certification in software engineering concepts and 10+ years applied experience

• Expert Threat Modeler with hands-on experience as a threat model practitioner

• Deep expertise in threat modeling methodologies (e.g., STRIDE-LM, ATT&CK)

• Passion for mentoring and instructing others on threat modeling.

• Hands-on practical experience delivering enterprise level cybersecurity solutions and controls

• Advanced in one or more programming languages or applications

• Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in one or more technical disciplines (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)

• Ability to tackle design and functionality problems independently with little to no oversight

• Practical cloud native experience

• Ability to evaluate current and emerging technologies to select or recommend the best solutions for the future state architecture

Preferred qualifications, capabilities, and skills

• Experience working with AI models and complex distributed data sets

• Proficiency in designing and implementing security controls for cloud environments (e.g., AWS, Azure, GCP)

• Hands-on experience with security assessment tools, vulnerability scanning tools, and penetration testing methodologies

• Experience working in finance or another highly regulated industry. Strong understanding of regulatory requirements such as GDPR, HIPAA, PCI-DSS, and SOC 2. CISSP, CISM, or other relevant certifications

• Experience engaging stakeholders across an organization to set strategy, align on priorities and deliver to a roadmap while managing to business needs and requirements

#CTC