Lead Security Engineer in City of Westminster

Lead Security Engineer in City of Westminster

City of Westminster Full-Time 60000 - 80000 Β£ / year (est.) No working from home possible
Jpmorgan Chase & Co.

At a Glance

  • Tasks: Design and implement scalable security solutions in engineering workflows.
  • Company: Join JPMorgan Chase's innovative Platform team focused on secure software delivery.
  • Benefits: Competitive salary, health benefits, and opportunities for professional growth.
  • Other info: Dynamic role with a focus on innovation and impactful security practices.
  • Why this job: Shape the future of secure software while collaborating with diverse teams.
  • Qualifications: Experience in cloud engineering and strong security control implementation skills.

The predicted salary is between 60000 - 80000 Β£ per year.

Overview

Join us and shape the future of secure software delivery.

As a Lead Security Engineer, you\'ll work at the intersection of security and platform engineering, designing impactful solutions that enable teams to move fast while managing risk.

You\'ll collaborate with squads, contribute to a culture that values diverse perspectives, and foster growth, impact, and innovation.

This role is based in JPMorgan Chase\'s Platform team, embedding security into engineering workflows to deliver scalable solutions and enhance secure software delivery across the organization.

Responsibilities

  • Design, build, and operate scalable security capabilities integrated into engineering workflows.
  • Embed security into the software development lifecycle by implementing automated controls.
  • Improve software supply chain security through SBOM generation and dependency visibility.
  • Analyze and enrich vulnerability data with contextual information for effective remediation.
  • Provide actionable insights and guidance to engineering teams to address security issues.
  • Collaborate with platform and product engineering teams to drive secure development practices.
  • Identify and assess security risks in runtime and cloud environments, supporting remediation.
  • Support the development and operation of runtime security tooling for production risk visibility.
  • Contribute to security incident response activities, including triage and investigation.
  • Develop and maintain incident response processes, runbooks, and detection capabilities.
  • Work with risk, governance, and control teams to support reporting and compliance.

Qualifications

  • Hands-on experience in software, platform, or cloud engineering roles deploying systems in public cloud environments.
  • Strong ability to design and implement security controls within engineering workflows, especially CI/CD pipelines.
  • Proficiency in at least one programming or scripting language for automation and integration.
  • Solid understanding of the Software Development Life Cycle and integrating security practices.
  • Experience applying security testing and controls within CI/CD pipelines.
  • Familiarity with cloud-native technologies, including containerization and orchestration platforms.
  • Strong analytical and problem-solving skills to deliver practical security solutions.
  • Good understanding of modern engineering practices, including CI/CD, system resilience, and secure software delivery.
  • Experience in platform security, Dev Sec Ops, or engineering-led security teams.
  • Familiarity with security tools such as Snyk and Wiz.
  • Knowledge of software supply chain security concepts, including SBOM, SLSA, and dependency management.
  • Cloud certifications, preferably GCP (e. g., Professional Cloud Architect, Professional Dev Ops Engineer).
  • Experience operating in large-scale enterprise environments within regulated industries.
  • Ability to communicate technical risks clearly to engineering teams and senior stakeholders.
  • #J-18808-Ljbffr
Jpmorgan Chase & Co.

Contact Details:

Jpmorgan Chase & Co. Recruitment Team

We think you need these skills to ace Lead Security Engineer in City of Westminster

Security Engineering
Cloud Engineering
CI/CD Pipeline Security
Automation Scripting
Software Development Life Cycle (SDLC)
Security Testing
Containerization