CCB Head of Application and Infrastructure Security

Req #: 170076387
Location: Wilmington, DE, US
Job Category: Technology
Potential Referral Amount: 0 US Dollar (USD)
The Chase Consumer and Community Banking (CCB) Cybersecurity team supports core functions across CCB for security design, threats, monitoring and response. The CCB Cyber team supports corporate Cyber programs including Software Security Assurance Program (SSAP), Data Loss Prevention, Threat and Vulnerability Management, Security Event Management and Cybersecurity Architecture. 

The Head of Infrastructure and Application Security will report to the Head of the CCB Cybersecurity function, and will be accountable for the end-to-end oversight of all security programs designed to protect Chase's application and infrastructure footprint. In addition, they will be accountable for influencing direction, strategy, and policy at the firmwide level, in partnership with the Corporate Cybersecurity team. They will assist with continued uplift and evolution of all aspects of the application and information security programs. They will also be accountable for tracking the health of the programs, which includes Key Risk Indicator (KRI) management, and driving remediation of all outstanding vulnerabilities based upon risk.


A successful candidate must not only demonstrate core competencies in both application and infrastructure, but must also be passionate about evolving this function to meet the changing needs of CCB Technology, including support of internal and external cloud, growth of mobile and payment technology, as well as the transition to Agile methodology. 

  • 5+ years of hands-on software development experience
  • 5+ years of people management experience 
  • 10+ years of experience in software security and software security vulnerability management.
  • 10+ years of experience in infrastructure and infrastructure vulnerability management.
  • Ability to influence the organizational direction for application and infrastructure security, including Technology Control Officers, Chief Development Officers, and the Global Cybersecurity Team.
  • Expert knowledge of software and infrastructure vulnerability remediation techniques and libraries
  • Expert knowledge of NVD, CVSS scoring, risk ranking, threats and vulnerabilities, and performing web application security assessments.
  • Ability to quickly organize and react to infrastructure and application vulnerabilities, using common incident response.
  • End-to-end understanding of Red Team programs and strategy.
  • Understanding of static code analysis tool principles and practices (e.g. HP Fortify, Veracode, BlackDuck) with experience providing development teams tangible guidance to remedy vulnerability defects.
  • Experience in working with common OSS frameworks.
  • Working knowledge of J2EE and security solutions within that framework. 
  • Deep code-level knowledge of common software security vulnerabilities and remediation methods for Java or .Net applications. 
  • Deep knowledge of the OWASP Top 10 and the ability to explain how these issues should be remediated.
  • Expert level analyst with proven capability to comprehend various technology stacks related to web security, authentication, database security, session management, business logic and input validation methods.
  • Proven ability to review application security data and metrics, and be able to translate them into executive level communication, which includes risk-based decisions. 
  • Strong ability to collaborate across multiple lines of businesses, both within the Consumer Bank, as well as at the firmwide level. 
  • Proficiency with CVSS, CVE and related schema and scoring. 
  • Knowledge of common open source applications from Apache, Oracle, etc. and their known security vulnerabilities will be a job requirement. 
  • Strong technical acumen, communication and influence skills.  You should have the ability to explain in depth your assessment of a vulnerability to an application developer so they are able to understand the issue and successfully remediate the finding.  The end result must be to resolve the security issue successfully.
  • Experience in pen-testing is not required, but is considered a plus.
  • Professional Certifications preferred (e.g. JPMC ASC or CSSLP, GSSP, CISA, CISSP)
  • The candidate must be a “self starter”, able to operate independently with minimal guidance, and produce tangible, measurable results.
JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.