Security Engineer III-Python, Bash, Vulnerability Assessments
The security of a global financial institution depends on the strength of the people and systems behind it. At JPMorganChase, we're looking for a skilled security engineer ready to operate and evolve the infrastructure that keeps our firm — and the millions of people who depend on us — protected. This is your opportunity to work at scale, drive meaningful impact, and grow your career within one of the most sophisticated cybersecurity programs in the world.
As a Security Engineer III at JPMorganChase within the Cybersecurity & Technology Controls, Runtime Vulnerability Assessment team, you serve as a seasoned member of a team responsible for operating and advancing the firm's global vulnerability scanning program. You will help ensure comprehensive, timely detection across every asset — from on-premises data centers to cloud environments — and contribute to the scanning backbone that supports enterprise-wide risk decisions. You will carry out critical technology solutions with rigorous, audit-ready methods across multiple technical areas in support of the firm's business objectives.
Job responsibilities
- Operate and maintain the firm's global scanner fleet, including appliance deployment, health monitoring, scan profile tuning, and failure recovery across Asia-Pacific, Europe, Middle East & Africa, and North American data centers
- Develop and maintain automation tooling for scanner lifecycle management, including provisioning frameworks, agent packaging for Linux and Windows platforms, and integration with internal deployment pipelines.
- Uses enterprise-authorized AI capabilities within the work environment to accelerate security analysis and vulnerability assessment documentation, validating outputs and ensuring sensitive data is handled appropriately.
- Apply vulnerability scanning platforms to assess detection coverage, correlate findings, and identify gaps across managed and unmanaged asset populations
- Collaborate with infrastructure and cloud engineering teams to ensure scan reachability across segmented networks, cloud workloads, and hybrid environments
- Contribute to the development and maintenance of operational runbooks, continuity documentation, and coverage exercises to sustain scanning through infrastructure changes and major platform events
- Analyze scan data and detection trends to surface actionable insights that inform enterprise risk prioritization and remediation workflows
- Partner with cross-functional teams to support compliance scanning requirements and ensure alignment with regulatory and audit standards.
- Applies reuse-first, AI-assisted practices within SDLC/toolchain routines to strengthen security testing and control validation, ensuring traceability/auditability and alignment to resiliency and security expectations.
- Champion engineering best practices, including infrastructure-as-code, version control, and change management, within the vulnerability management program
Required qualifications, capabilities, and skills
- Formal training or certification on security engineering concepts and 3+ years applied experience
- Experience designing and operating vulnerability scanning solutions at enterprise scale, including scanner infrastructure, agent management, and scan orchestration
- Proficiency in scripting and automation using one or more languages such as Python, Bash, PowerShell, or configuration management frameworks.
- Demonstrated experience using enterprise-authorized AI capabilities within the work environment to support security engineering workflows with strong validation habits and awareness of data sensitivity.
- Ability to review and validate AI-assisted code/security recommendations before use, escalating when uncertain and following security and data handling requirements.
- Solid understanding of the software development lifecycle, including infrastructure-as-code practices and change management controls
- Working knowledge of network fundamentals, including segmentation, firewall rules, and connectivity as they relate to scan reachability
- Familiarity with agile methodologies and continuous integration and delivery practices within a security engineering context
- Ability to communicate technical findings and operational risks clearly to both technical and non-technical stakeholders
Preferred qualifications, capabilities, and skills
- Hands-on experience administering Qualys or Tenable platforms, including appliance deployment, option profile configuration, and API-driven automation
- Familiarity with agent-based scanning, binary packaging pipelines, and manifest version control for endpoint security tooling
- Experience supporting Payment Card Industry Data Security Standard compliance scanning or equivalent regulatory scanning requirements
- Exposure to cloud-native security tooling and vulnerability management across major cloud providers
#CTC