Information Security Architect - Threat Modeling

Req #: 170089340
Location: Jersey City, NJ, US
Job Category: Technology
Potential Referral Amount: 5000 US Dollar (USD)
The Cybersecurity organization’s objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
The Role
The Application Security Architect - Threat Modelling Lead is responsible for performing Security Design Reviews / Architecture Risk Analysis and creating Threat Models for Reference Architectures. Responsibilities include working with various cyber security teams to gather intelligence and build a threat catalog, understanding various reference architectures, creating threat models, and training junior IT Risk members to use these models. Responsibilities also include identifying and evaluating potential weaknesses in the designs of applications using manual methods. This role requires a strong drive and determination to conceptualize, design, and mitigate attack surfaces / threats / flaws by creating Threat Model Patterns.
  • Collaborating with all LoBs, create and actively maintain a pipeline of Threat Models for Reference Architectures.
  • Prioritize, create, review, present and socialize Threat Models in various firm-wide public forums.
  • Ensure that Threat Models are understood and adopted by LoB IT Risk teams.
  • Develop and maintain metrics for Threat Models adoption.
  • Work with Cyber Threat Intelligence teams to build and maintain the Threat Catalog and feed this information into the various tools and processes used by the Threat Modeling team.
  • Perform manual Security Architecture Risk Analysis (SARA) / Threat Model Reviews (TMR) of applications and assess their designs against known and emerging threats.
  • Prepare a risk report for each SARA / TMR assessment explaining the attack surface, threats, and flaws, and provide remediation guidance to mitigate the listed threats.
  • Communicate findings and remediation guidance to development teams in a concise and succinct manner.
  • Learn and support internal Threat Model Review and Threat Model Tools and infrastructure.
  • Acquire and maintain a working knowledge of relevant laws, regulations, and JPMC policies, standards, and procedures.
Required Qualifications...
  • BS degree in computer engineering or equivalent.
  • Subject Matter Expert in Application Security with 5+ years of experience in the following:
    • Security Design Reviews or Architecture Risk Analysis
    • Threat Model Patterns for applications.
    • Identifying top risks and vulnerabilities identified with OWASP, NIST, SANS…
    • System software and organizational design standards, policies, and authorized approaches (e.g., ISO) relating to system/application design.
    • Software design tools, methods, and techniques
  • Skilled in Threat Model methodologies and approaches such as STRIDE, Attack Trees
  • Skilled in recognizing vulnerabilities in application designs.
  • Knowledge of system and application security threats and vulnerabilities
  • Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth)  
  • Knowledge of application penetration testing principles, tools, and techniques.
  • CISSP, CSSLP certifications are desirable.
  • Ability to work under pressure in time critical situations
  • Ability to resolve conflict in a collaborative manner
  • Must be a driver of change and have strong influential skills
  • Excellent written and verbal communication skills, including the ability to independently and effectively participate in strategic discussions / meetings with peers across the firm.
  • Ability to communicate effectively with business representatives, explaining impacts and strategies in layman’s terms where necessary

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at  

Things to note

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.