CCB Head of Application and Infrastructure Security

Req #: 170076387
Location: Wilmington, DE, US
Job Category: Technology
Job Description:
The Chase Consumer and Community Banking (CCB) Cybersecurity team supports core functions across CCB for security design, threats, monitoring and response. The CCB Cyber team supports corporate Cyber programs including Software Security Assurance Program (SSAP), Data Loss Prevention, Threat and Vulnerability Management, Security Event Management and Cybersecurity Architecture. 

The Head of Infrastructure and Application Security will report to the Head of the CCB Cybersecurity function, and will be accountable for the end-to-end oversight of all security programs designed to protect Chase's application and infrastructure footprint. In addition, they will be accountable for influencing direction, strategy, and policy at the firmwide level, in partnership with the Corporate Cybersecurity team. They will assist with continued uplift and evolution of all aspects of the application and information security programs. They will also be accountable for tracking the health of the programs, which includes Key Risk Indicator (KRI) management, and driving remediation of all outstanding vulnerabilities based upon risk.


A successful candidate must not only demonstrate core competencies in both application and infrastructure, but must also be passionate about evolving this function to meet the changing needs of CCB Technology, including support of internal and external cloud, growth of mobile and payment technology, as well as the transition to Agile methodology. 

  • 5+ years of hands-on software development experience
  • 5+ years of people management experience 
  • 10+ years of experience in software security and software security vulnerability management.
  • 10+ years of experience in infrastructure and infrastructure vulnerability management.
  • Ability to influence the organizational direction for application and infrastructure security, including Technology Control Officers, Chief Development Officers, and the Global Cybersecurity Team.
  • Expert knowledge of software and infrastructure vulnerability remediation techniques and libraries
  • Expert knowledge of NVD, CVSS scoring, risk ranking, threats and vulnerabilities, and performing web application security assessments.
  • Ability to quickly organize and react to infrastructure and application vulnerabilities, using common incident response practices.
  • End-to-end understanding of Red Team programs and strategy.
  • Understanding of static code analysis tool principles and practices (e.g. HP Fortify, Veracode, BlackDuck) with experience providing development teams tangible guidance to remedy vulnerability defects.
  • Experience in working with common OSS frameworks.
  • Working knowledge of J2EE and security solutions within that framework. 
  • Deep code-level knowledge of common software security vulnerabilities and remediation methods for Java or .Net applications. 
  • Deep knowledge of the OWASP Top 10 and the ability to explain how these issues should be remediated.
  • Expert level analyst with proven capability to comprehend various technology stacks related to web security, authentication, database security, session management, business logic and input validation methods.
  • Proven ability to review application security data and metrics, and be able to translate them into executive level communication, which includes risk-based decisions. 
  • Strong ability to collaborate across multiple lines of businesses, both within the Consumer Bank, as well as at the firmwide level. 
  • Proficiency with CVSS, CVE and related schema and scoring. 
  • Knowledge of common open source applications from Apache, Oracle, etc. and their known security vulnerabilities will be a job requirement. 
  • Strong technical acumen, communication and influence skills.  You should have the ability to explain in depth your assessment of a vulnerability to an application developer so they are able to understand the issue and successfully remediate the finding.  The end result must be to resolve the security issue successfully.
  • Experience in pen-testing is not required, but is considered a plus.
  • Professional certifications preferred (e.g. JPMC ASC or CSSLP, GSSP, CISA, CISSP)
  • The candidate must be a “self-starter”, able to operate independently with minimal guidance, and produce tangible, measurable results.