Chase is the U.S. consumer and commercial banking business of JPMorgan Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.3 trillion and operations in more than 60 countries We serve more than 50 million consumers and small businesses through more than 5,600 bank branches, 18,700 ATMs, credit cards, mortgage offices and online and mobile banking as well as through relationships with auto dealerships.
Within Chase, Card Services offers a wide variety of general purpose and partner based credit cards to meet the needs of consumers, small businesses and corporate clients.
As a Chase employee, you'll be part of a company that makes a real difference every day for our customers, our communities and ourselves. With a focus on customer service, you'll put others first, do what's right and create solutions that make lives better. We invite you to build your career on our strong foundation and help shape what's next - for you and for us.
JPMC's Card Services division is looking for an Application Security Lead to be a subject matter expert in software security, perform application penetration testing, manage application security assessment programs, and guide development of secure application architectures. Working closely with development and architecture teams to define security requirements, build secure architecture design models, and drive security initiatives. Maintain the use of static code & dynamic application analysis tools within the systems development life-cycle to assist with identifying and preventing issues early on in the development lifecycle.
Perform Threat Modeling, Security Architecture Reviews or Architecture Analysis on various applications. Work closely with Solutions Architects to identify design defects and ensure that Application
Architectures are not introducing any security vulnerabilities.
Execute application security penetration tests and vulnerability scans against high risk applications.
Work with development teams to impart necessary guidance to remediate defects.
Assist management in prioritizing remediation efforts appropriately.
Create, maintain, and present metrics that measure the effectiveness of the application risk management efforts over time.
Perform research as necessary on reported issues and emerging risks to identify best-practice solutions
Actively participate in firm-wide Information Risk Management forums to contribute and be influential in delivering a firm-wide security program.
Develop and present Security Awareness materials relating to Application Security whenever required.
5 years in Application Security
Strong technical skills in assessing and finding vulnerabilities in application architectures and common software platforms (e.g. browser apps, webservices, client-server, mainframe, mobile, etc)
Hands-on experience with software security testing and common testing tools like Burp Suite, Appscan, WebInspect, Fortify, etc
Experience in driving process improvement and influencing others towards common goals. Strong problem solving and analytical capabilities.
Experience in Mobile application (iOS, Android) Penetration Testing.
Solid knowledge of industry best practices and IT Risk Regulatory landscape in Financial Services.
Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Certified Secure Software Lifecycle Professional (CSSLP) preferred.
Security experience with Social Media projects is a big plus.
JPMorgan Chase is an Equal Opportunity and Affirmative Action Employer, M/F/D/V.
Information Risk Management
US-DE-Wilmington-One Christina Center / 52381
US-MA-Boston-One Beacon Street / 00100
JPMorgan Chase & Co.
At JPMorgan Chase, the work we do matters. All of us are committed to putting our resources and our voices to work every day for our...