Application Security Engineer

About the Company

JPMorgan Chase & Co. is a leading global financial services firm with assets of $3.9 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small businesses, commercial banking, financial transaction processing, and asset management. We serve millions of customers and many of the world’s most prominent corporate, institutional and government clients.

Job Description

We are seeking a highly skilled and motivated Application Security Engineer to join our dynamic team in Wilmington, Delaware. In this critical role, you will be responsible for ensuring the security of our software applications throughout their entire lifecycle, from design to deployment. You will collaborate closely with development teams, architects, and other security professionals to implement robust security measures, conduct vulnerability assessments, and champion secure coding practices. This position offers an exciting opportunity to contribute to a secure financial ecosystem and is open to candidates requiring visa sponsorship.

Key Responsibilities

• Perform security reviews of application designs, architectures, and code to identify potential vulnerabilities and ensure compliance with security policies and best practices.
• Conduct static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) to discover security flaws.
• Collaborate with development teams to remediate identified vulnerabilities, providing expert guidance on secure coding techniques and defensive programming.
• Develop and deliver security training and awareness programs for developers and engineering teams.
• Participate in threat modeling exercises to identify and mitigate risks early in the software development lifecycle.
• Research and stay up-to-date with the latest security threats, vulnerabilities, and industry best practices.
• Contribute to the continuous improvement of our application security tools, processes, and standards.
• Support incident response activities related to application security.

Required Skills

• Proficiency in identifying and mitigating common web application vulnerabilities (e.g., OWASP Top 10).
• Experience with SAST, DAST, and IAST tools (e.g., Fortify, Checkmarx, Veracode, Contrast Security).
• Strong understanding of secure coding principles and practices across various programming languages (e.g., Java, Python, C#, JavaScript).
• Familiarity with cloud security principles and practices (AWS, Azure, GCP).
• Knowledge of cryptography, authentication mechanisms, and authorization frameworks.
• Experience with CI/CD pipelines and integrating security into the DevOps process.
• Excellent communication and collaboration skills.

Preferred Qualifications

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Relevant security certifications (e.g., CISSP, CSSLP, CEH, GWAPT).
• Experience with container security (Docker, Kubernetes).
• Familiarity with API security best practices.
• Experience in the financial services industry.
• Demonstrated ability to mentor junior engineers on security topics.

Perks & Benefits

• Comprehensive health, dental, and vision insurance.
• 401(k) retirement plan with company match.
• Generous paid time off and holidays.
• Professional development opportunities and tuition reimbursement.
• On-site fitness centers and wellness programs.
• Employee assistance program.
• Commuter benefits.
• Opportunities for career growth within a global organization.
• Visa sponsorship available for qualified candidates.

Apply Now