Security Engineer III - Offensive/Defensive Web Security
On-site · Plano, Texas, United States
Job Summary
Security Engineer III at JPMorganChase leading design, development, and troubleshooting of security solutions across multiple platforms. Responsibilities include applying security controls, using vulnerability analysis tools to assess threats, leading continuity-related awareness and training, maintaining security configuration baselines for various web/application servers (e.g., Apache, Tomcat, IIS, WebSphere, Nginx), coordinating with product teams to enforce secure configurations, performing annual baseline recertifications mapped to CIS/STIG/NIST, collaborating with drift-monitoring and SIEM teams, and providing remediation guidance to application teams. Emphasizes contributing to a diverse, inclusive team culture and requires formal security training or certification with 3+ years of applied experience, proficiency in at least one programming language, knowledge of SDLC and Agile/CI-CD practices, and strong analytical skills to translate security requirements into actionable controls.
Required Qualifications
- Formal training or certification on security engineering concepts and 3+ years applied experience
- Experience developing security engineering solutions
- Proficient in coding in one of more languages
- Overall knowledge of the Software Development Life Cycle
- Solid understanding of agile methodologies such as CI/CD, application resiliency, and security
- Experience with security configuration management, baseline hardening, and compliance frameworks
- Strong analytical and problem-solving skills with ability to interpret technical security requirements and translate them into actionable controls
- Preferred qualifications: Experience with web server and application server technologies (Apache, Tomcat, IIS, WebSphere, Nginx)
- Preferred qualifications: Familiarity with configuration drift monitoring tools and SIEM platforms
- Preferred qualifications: Knowledge of industry security benchmarks and standards (CIS, DISA STIGs, NIST)
- Preferred qualifications: Experience working with cross-functional teams including product engineering, SREs, and control domain stakeholders
- Preferred qualifications: Understanding of cloud and container security configurations
- Preferred qualifications: Strong written and verbal communication skills for technical documentation and stakeholder engagement
- Preferred qualifications: Certifications such as OSCP or OSCE is a plus
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.