Lead Security Engineer
J.P. Morgan
About the role
Take on a crucial role where you'll be a key part of a high-performing team building and maintaining foundational cryptographic infrastructure. Make a real impact as you help shape the way secure communications are configured, tested, and deployed across the enterprise at one of the world's largest and most influential companies.
As a Lead Security Engineer at JPMorgan Chase within the CTC Emerging Technologies Security group, you will own and evolve a TLS abstraction layer that provides a unified interface for TLS stack configuration across Java, Python, and Node.js runtimes. You will serve as both a hands-on developer and a subject-matter expert at the intersection of network security protocols and polyglot software engineering. You will be responsible for ensuring that the library remains secure, performant, well-tested, and aligned with evolving TLS standards and enterprise security policy.
Job Responsibilities
- Design, implement, debug, and extend the TLS abstraction layer, ensuring consistent TLS configuration and behavior across Java (JSSE/Bouncy Castle), Python (ssl/OpenSSL bindings), and Node.js (built-in TLS/OpenSSL) runtimes.
- Serve as the team's subject-matter expert on TLS 1.2 and 1.3 handshake mechanics, cipher suite negotiation, certificate validation, key exchange algorithms, and session resumption — and translate that expertise into library design decisions.
- Architect clean, well-documented APIs that decouple application-level TLS intent (e.g., minimum protocol version, allowed cipher suites, certificate pinning, mutual TLS) from the platform-specific implementation details of each runtime's TLS stack.
- Build and maintain comprehensive test suites — including unit, integration, interoperability, and protocol-conformance tests — that verify correct TLS behavior across all supported runtimes and configurations.
- Develop test harnesses that exercise edge cases such as certificate chain validation failures, protocol downgrade scenarios, and cipher suite mismatches.
- Design, maintain, and improve CI/CD pipelines for the library, including automated builds, multi-runtime test matrices, static analysis, dependency scanning, and artifact publishing across all supported language ecosystems (Maven/Gradle, PyPI, npm).
- Triage and resolve complex TLS-related issues reported by consuming applications, including handshake failures, performance regressions, certificate trust-store misconfigurations, and runtime-specific behavioral differences.
- Monitor developments in TLS standards (IETF RFCs), cryptographic library updates (OpenSSL, Bouncy Castle), and runtime release notes to proactively assess impact on the library and plan necessary updates.
- Produce clear integration guides, migration documentation, and configuration references so that consuming teams can adopt and configure the library with minimal friction.
- Work with application teams, platform engineering, and enterprise security policy owners to gather requirements, communicate breaking changes, and align library capabilities with organizational security mandates.
- Contribute to a team culture of diversity, equity, inclusion, and mutual respect.
Required Qualifications, Capabilities, and Skills
- Bachelor's degree in Computer Science, Computer Engineering, or a related field; 7+ years of software development experience, with at least 3 years focused on security-sensitive or infrastructure-level library development.
- Strong hands-on development skills in at least two of Java, Python, and Node.js/TypeScript, with a willingness and ability to work across all three.
- Experience with each language's native TLS/cryptographic APIs (e.g., JSSE, Python ssl module, Node.js tls module).
- Deep understanding of TLS 1.2 and 1.3 — including handshake flows, key exchange mechanisms (ECDHE, DHE), certificate authentication (X.509, chain-of-trust, Certificate Verify), cipher suite semantics, ALPN/SNI, and session management.
- Familiarity with underlying cryptographic primitives (AES-GCM, ChaCha20-Poly1305, RSA, ECDSA, EdDSA, HKDF).
- Demonstrated experience designing, versioning, and maintaining libraries or SDKs consumed by other engineering teams, including thoughtful API surface design, semantic versioning, and backward-compatibility management.
- Proven experience building multi-dimensional test strategies for security-critical software, including protocol-conformance testing, cross-platform interoperability testing, and negative/adversarial test cases.
- Hands-on experience designing and maintaining CI/CD pipelines (e.g., Jenkins, GitHub Actions, or equivalent), including multi-language build matrices, automated security scanning (SAST, dependency vulnerability checks), and artifact publication.
- Strong diagnostic skills for network-level issues — comfortable using tools like Wireshark, OpenSSL CLI (s_client, s_server), keytool, and language-specific debuggers to trace TLS handshake failures and certificate issues.
- Solid understanding of agile development methodologies, including iterative delivery, code review discipline, and application resiliency principles.
Preferred Qualifications, Capabilities, and Skills
- Experience with cryptographic library internals such as OpenSSL, Bouncy Castle, or LibreSSL.
- Familiarity with FIPS 140-2/140-3 compliance requirements and their impact on TLS configuration and cryptographic provider selection.
- Experience with mutual TLS (mTLS) at scale, including certificate lifecycle management and automated rotation.
- Knowledge of PKI systems, HSMs, or key management infrastructure.
- Experience with container-based build and test environments (Docker, Kubernetes) and cloud platforms (AWS).
- Familiarity with performance profiling of TLS handshakes and bulk-encryption throughput across runtimes.
- Experience using AI-assisted development tools (e.g., GitHub Copilot, Claude Code) to accelerate library development and test generation.
- Relevant certifications such as CISSP, CCSP, or vendor-specific security credentials are a plus but not required.
#CTC