Apply Now    

Web Security Engineer

Req #: 170099624
Location: Jersey City, NJ, US
Job Category: Technology
Job Description:
The Web Security Specialist will be a senior member of the Endpoint Engineering team within Cybersecurity.  The team defines and maintains the firm-wide security baselines for platforms, web, database, messaging and related infrastructure services.  This role will partner with web product engineering teams to support the end to end secure deployment of Web Application Infrastructure. The role requires a strong security focused self-starter with experience in both defensive and offensive Web Application Security. You will research, develop and define security baselines for Web Middleware products.  You will also proactively identify weakness in existing Web Middleware products using offensive security techniques and lead the risk reduction efforts. Here is your chance to transform the way the firm secures the Web infrastructure.  To be successful in this role, the candidate should have expertise in the following areas
  • Web Application Penetration Testing
  • Engineering Web Middleware products like WebSphere Application Server, Tomcat, Apache, etc.
  • Application Security design
The Role:
  • Establish security baseline for the Web Middleware products and define associated firm-wide security controls.
  • Identify risks proactively using offensive security techniques and lead risk reduction efforts.
  • Create an execution strategy that focuses on embedding Web security controls into existing practices to enhance effectiveness.
  • Ability to present to larger audience and manage working groups to drive approval for Web Security controls.
  • Partner with web product engineering team to enable ground floor security reviews of new technology and technology deployment approaches.
  • Develop and support presentations to executive leadership.
  • Ability to keep abreast with latest threats, attack techniques and mitigation strategies
Required Qualifications:
  • Experience as an Architect/Engineer within  Web and Application security.
  • Experience in penetration testing for web application infrastructure. 
  • Strong experience in Cyber Security design and engineering.
  • Expertise with Apache, Tomcat, WebSphere, Weblogic and Siteminder.
  • In depth knowledge of web application vulnerabilities and exploitation techniques e.g. OWASP, NIST, SANS
  • Experience with offensive security tools like Nmap, Nessus, Burp Suite, Metasploit, etc
  • Excellent analytical and problem-solving skills – ability to get to the root of the problem, assess impact, and develop a resolution plan quickly, leveraging all available resources, is essential.
  • Ability to identify tactical quick wins, as well as strategic long term remediation options are both essential skills
  • Demonstrated ability to drive and manage large scale projects with little or no supervision and ability to partner successfully across a global organization
Preferred qualifications:
  • Good understanding of Security by Design Principles
  • Skills in conducting security design reviews and identifying associated vulnerabilities.
  • Reverse engineering techniques to identify security vulnerabilities
  • Working knowledge of NIST framework or CIS Security Controls
  • Knowledge of network security architecture concepts, including topology, protocols and principles.
  • Current GWAP, GPEN certifications are desirable.
JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at
Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Other Information

Apply Using LinkedIn

You can also apply using your LinkedIn® profile. It may save you some time because your information will be automatically transferred into our system. Just click on the LinkedIn logo when you get to the application screen and follow the directions.

Submit an Updated Résumé

During the application process, be sure you have an up-to-date copy of your Résumé, your cover letter and any other documentation you would like to submit.