4,362 Threat Modeling jobs in the United States

As an Threat Modeling / Endpoint Lead Cybersecurity Architect at JPMorgan Chase within the Corporate Sector- Cybersecurity Technology and Controls' Employee Compute team, you are an integral part of a team that works to develop high-quality cybersecurity solutions for various software applications on modern cloud-based technologies. As a core technical contributor, you are responsible for carrying out critical cybersecurity architecture solutions by identifying, creating, and communicating risk, mitigation options, and solutions across multiple technical areas within various business functions in support of project goals.

Job responsibilities

• Executes threat modeling and security baseline creation and maintenance
• Leads technology and process implementations to achieve functional architecture objectives
• Engages technical teams and business stakeholders to discuss and propose technical approaches to meet current and future cybersecurity needs
• Defines the technical target state of their cybersecurity product and drives achievement of the strategy
• Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall cybersecurity of software applications and systems
• Leads evaluation sessions with external vendors, startups, and internal teams to drive continuous improvement and assess cybersecurity design and technical credentials for use in existing systems and architecture
• Leads communities of practice to drive awareness and use of new and leading-edge cybersecurity technologies
• Adds to team culture of diversity, equity, inclusion, and respect

Required qualifications, capabilities, and skills

• Experience with Windows, macOS and Mobile security principles, threat modeling and the STRIDE methodology
• Advanced in one or more programming languages (i.e. Java, Python, C/C++), and advanced understanding of agile methodologies such as continuous integration and delivery, application resiliency, and security
• Experience with defining security baselines for operating systems and applications, defining control procedures and objectives
• Hands-on practical experience delivering enterprise-level cybersecurity solutions and controls
• Proficiency in automation and continuous delivery methods, and in all aspects of the Software Development Life Cycle
• Demonstrated proficiency in software applications and technical processes within a technical discipline (e.g., public cloud, artificial intelligence, machine learning, mobile, etc.)
• In-depth knowledge of the financial services industry and their IT systems
• Practical cloud native experience and deep knowledge of one or more software and applications
• Ability to evaluate current and emerging technologies to recommend the best solutions for the future state architecture and effectively communicate with senior business leaders

• CISSP Certified Information Systems Security Professional (CISSP) and/or CompTIA Security+
• AWS Certified Practitioner/Cloud Engineer/Software Development Engineer/Cloud Security Engineer/Cloud Security Architect
• Microsoft Certified: Azure Security Engineer

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Base Pay/Salary
Jersey City,NJ $152,000.00 - $215,000.00 / year

This job requires relocation to the United States, Silicon Valley, through the use of a TN visa. If selected for this job, the process of coming to the United States will be handled by Tech-Mex.

The Information Security Engineer maintains 24x7 support, responds to vendor security questionnaires, performs monitoring and maintenance of the security infrastructure and components, participates in project planning and deployment of new technologies and will be responsible for remediation of identified compliance and risk gaps. He/she works independently, operating under the defined guidelines established by the Director of Information Technology and Security.

ESSENTIAL Job Duties & Responsibilities

• Monitor and advise on information security issues related to the systems and workflow to ensure the internal and external security controls for the company are appropriate and operating as intended
• Documenting gaps between vendor requirements and National MIs infrastructure
• Coordinate and execute IT security projects
• Coordinate response to information security incidents
• Conduct company-wide audits and manage remediation plans
• Collaborate with other areas of IT to manage security vulnerabilities
• Conduct research to keep abreast of latest security issues
• Ensures that system documentation is accurate and updated as needed
• Participates in disaster recovery (DR) exercises as directed
• Logfile review and analysis
• Install and maintain new systems
• Prioritize remediation of gaps based on internal and external audits
• Prepares compliance reports by collecting, analyzing, and summarizing data
• Evaluates information to determine compliance with laws, regulations, or standards

• 3-5 plus years related work experience
• Vendor audit and compliance experience, preferably with the SIG framework
• Strong technical skills in anti-virus, DLP, and PKI
• Strong experience with the McAfee suite of products
• Solid understanding of networking concepts and system administration
• Experience with Nessus, RSA envision, RedHat Linux and database security
• Knowledge of data compliance and privacy standards and regulations as they apply to insurance and banking industries
• Knowledge of Information Security Standards (ISO27001, NIST, etc)
• Self-motivated, self-directed and shows attention to detail while working
• Ability to effectively prioritize and execute reporting tasks in a fast-paced, results-driven environment

• Extensive experience working in a team-oriented, collaborative environment with a diverse team of business and IT staff
• Bachelor's degree in Computer Science or Information Systems preferred; Professional certifications are an advantage

• The ability to function independently with minimal supervision.
• Works ethically and with integrity supporting organizational goals and values
• Displays commitment to excellence
• Completes work in a timely manner and meets deadlines
• Good verbal and written communication skills
• Meets productivity standards and achieves key outcomes
• Is dependable and keeps commitments
• Contributes to building a positive team spirit and treats others with respect

***Must sit in Charlotte, NC, but will be remote!***

Position: Information Security Engineer

Duration: FTE

Compensation: 90-100k with 7.5% bonus

Location: REMOTE but must sit in Charlotte, NC

Summary:

The Information Security Engineer will conduct vulnerability assessments, threat hunting activities, and evaluate deviations from security configurations or policies. The team member also develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

Essential Functions:

Expertise in Information Security Programs

• Conduct Vulnerability Assessments
• Company Security Policy and Procedure Upkeep
• Risk Assessments
• Threat Hunting
• Security Awareness Training
• Operational Security Oversight

Desired Qualifications:

• Degree in Computer Science or related work experience
• 2 years in direct related work experience
• Passion and vision
• Strong communication and presentation skills

Desired Experience:

• Intermediate knowledge of risk management processes
• Intermediate knowledge of information security regulations
• Intermediate knowledge of information technology (IT) supply chain security/risk management policies, requirements, and procedures.
• Experience in Payment Card Industry, Data Security Standards (PCI-DSS), Graham Leach Bliley (GLBA), Healthcare Insurance Portability and Accounting and Accounting Act (HIPAA), Sarbanes-Oxley (SOX)
• Demonstrated real world experience performing grey and black box penetration testing as well as cyber threat emulation services (opposing force)
• Have an understanding of common Web Application vulnerabilities like XSS, CSRF, and others.
• Must be proficient in several of the following tools: PowerShell, Metasploit Framework/Pro, Nexpose, Burp, and the Social Engineering Toolkit
• Must have solid working experience and knowledge of Windows and Unix/Linux operating system, mobile platforms a plus
• Firm understanding of networks, systems and data center architecture
• (Certified Ethical Hacker (CEH)) and (Licensed Penetration Tester (LPT), GIAC Penetration Tester (GPEN), Certified Penetration Tester (CPT)) OSCP or equivalent desired

MUST HAVES

• Azure and/or AWS
• Cloud Incident Response

Role Overview

The Information Security Engineer II – Cloud Incident Responder tackles moderately complex security engineering challenges within their domain. They maintain and enhance existing security controls while actively participating in the design and development of new solutions. They proactively identify and address vulnerabilities or deficiencies within their domain, develop and implement robust controls to mitigate these risks, create detailed documentation, and implement mechanisms to ensure the effectiveness of solutions.

The Engineer II – Cloud Incident Responder will focus on building and operationalizing cloud-specific incident response processes, playbooks, and procedures across Azure, AWS, and GCP environments. This role requires strong technical expertise in cloud security and incident response, and will be instrumental in improving MGB’s ability to detect, respond to, and recover from cloud-based threats.

The Engineer II – Cloud Incident Responder is expected to work independently on moderately complex problems within their domain and provide guidance to junior team members to support their development. They will regularly engage with external stakeholders and partners to support the development of effective solutions.

Responsibilities

• Takes ownership of specific modules or components within projects or tools, from design to implementation.
• Reviews and provides constructive feedback on build/code contributions from team members.
• Participates in architectural discussions and contributes to the design of complex solutions.
• Proactively identifies and optimizes improvement in existing processes.
• Mentors junior team members, sharing knowledge and best practices.
• Cross-Functional collaboration with other teams to ensure successful solution delivery.
• Designs and maintains cloud incident response playbooks tailored to Azure, AWS, and GCP environments.
• Develops and documents cloud-specific IR procedures, including detection, triage, containment, eradication, and recovery workflows.
• Collaborates with cloud engineering, SOC, and threat intelligence teams to ensure alignment of IR capabilities with cloud architecture and threat landscape.
• Participates in tabletop exercises and simulations to validate cloud IR readiness and improve response capabilities.
• Implements automation and orchestration for cloud incident response using native and third-party tools.

Qualifications

• Bachelor’s or Associate’s Degree or requisite experience
• 3+ years of relevant experience
• Experience in cloud security and incident response across Azure, AWS, and GCP
• Certifications such as AWS Certified Security – Specialty, Azure Security Engineer Associate, or Google Professional Cloud Security Engineer are preferred

Skills / Abilities / Competencies

• Strong understanding of cybersecurity concepts within their domain
• High proficiency with the tools and solutions supported by the team
• Solid understanding of system architecture and design
• Strong problem solving skills and analytical thinking to identify solutions to complex problems, and to optimize existing solutions
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
• Excellent communication and teamwork skills to share knowledge, present ideas, and lead discussions
• Proficiency in cloud-native security tools such as AWS GuardDuty, Azure Sentinel, and GCP Security Command Center
• Experience with SIEM, SOAR, and EDR platforms in cloud environments
• Ability to analyze cloud logs and telemetry for threat detection and investigation
• Strong understanding of cloud architecture, IAM, and network security principles

• Use existing tools to conduct automated vulnerability assessments
• Interpret and risk assess scan results from software applications, cloud resources, and infrastructure systems
• Collaborate with various teams within to assist with prioritization of vulnerabilities and ensure remediation occurs within the expected timelines
• Ensure all detected vulnerabilities either from manual or automated testing process are accurately logged and tracked in a ticketing system to facilitate remediation, leadership metrics reporting, and audit readiness
• Bring an AI-first mindset; be able to identify and act upon opportunities to automate vulnerability analysis and prioritization, as well as administrative tasks, while improving the quality of the output to help developers achieve remediation as easily as possible.
• Perform validation testing of remediated vulnerabilities using automated testing tools and manual testing techniques such as with python scripting or otherwise
• Research and analyze vulnerabilities to determine their true risk to Client, considering factors such as exploitability, asset exposure, business impact, and compensating controls
• Apply cyber risk quantification techniques to analyze vulnerability severities
• Create and maintain metrics and dashboards using data from the ticketing system or other sources to support reporting to various stakeholders across Client.
• Assist with security audits and compliance initiatives related to vulnerability management

Job DescriptionJob Description

Rea is a growing Top 100 business advisory & accounting firm providing our clients services in tax, accounting, and business consulting. We have a ‘People First’ culture and we focus on our employees’ well-being and professional development. With over 400 professionals and locations throughout Ohio, our firm has a culture that respects a work-life balance for our team. We also provide competitive compensation and a robust benefits plan.

The Information Security Manager is responsible for overseeing and improving the firm’s information security program to protect systems, data, and infrastructure. This role focuses on managing security risk, compliance, incident response, and continuous improvement of security posture. The Information Security Manager collaborates cross-functionally with IT and other business and practice areas to implement effective security controls and foster a culture of security awareness. 

Responsibilities

• Develop, implement, and maintain the firm’s information security program and initiatives roadmap

• Develop, implement, maintain, and monitor security policies, procedures, and standards in alignment with industry best practices and regulatory requirements

• Conduct regular risk assessments, vulnerability scans, and security reviews to identify and mitigate potential threats and vulnerabilities

• Identify, build, and implement data protection processes and technologies

• Work with the firm’s third-party service providers to help manage firm information security risk

• Coordinate the firm’s incident response efforts, including investigation, documentation, communication, and post-incident analysis

• Evaluate and recommend security tools and technologies to enhance protection and visibility

• Manage the third-party risk program, including vendor security assessments and reviews

• Maintain compliance with applicable laws, regulations, and contractual obligations by leading audits, gap analyses, and remediation efforts

• Lead security awareness training initiatives and phishing simulations to educate employees and promote secure behavior

• Collaborate with IT teams to ensure secure configuration and management of systems, networks, and cloud environments

• Track, report, and present security metrics to leadership and stakeholders

• Serve as the internal subject matter expert on cybersecurity, privacy, and data protection

• Other duties as assigned

Knowledge, Skills, and Abilities

• Expert-level understanding of information security risks and controls, including the zero-trust model

• Advanced knowledge of information security audit and assessment methodologies and best practices

• Expert-level knowledge of information security frameworks, risk management, and incident response

• Strong experience with security tools and platforms (e.g., vulnerability scanners, firewalls, endpoint protection) 

• Strong understanding of security principles in cloud (e.g., Azure, AWS), on-prem, and hybrid environments

• Thorough understanding of compliance programs (e.g., SOC 2, HIPAA)

• Ability to stay current with emerging technologies and architectures

• Solid understanding of IT enterprise architecture in a security context

• Highly self-motivated

• Exceptional written, oral, interpersonal, and presentational skills

• Strong analytical and trouble-shooting abilities

• Keen attention to detail

• Ability to effectively prioritize and participate in simultaneous projects of moderate to high complexity

• Knowledge of analysis, requirements gathering, and industry best practices and tools

• Ability to effectively communicate between business and IT stakeholders

• Ability to use discretion and handle confidential information

Requirements

• Post-secondary education in the field of computer science, information systems, networking, information security, or related discipline
• 5+ years of full-time work experience in cybersecurity, information security, or information technology
• : CISSP, CISM, CISA, Security+  certification

Benefits

Rea offers a wide variety of benefits to help support our employees' health, wellness and financial goals.

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Holidays)
• Four (4) weeks PTO
• Twelve (12) paid holidays, of which three (3) are floating holidays
• Family Leave (Maternity, Paternity)
• Short Term & Long Term
• Training & Development
• Wellness Resources

Rea does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies without pre-approval from Rea’s Talent team. Pre-approval is required before any external candidate can be submitted. Rea will not be responsible for fees related to unsolicited resumes and for candidates who are sent directly to our hiring managers.

We are looking for an experienced Information Security Governance Risk Compliance resource. This person would be relatively senior (7+ years of GRC) and able to operate relatively independently against a goal with touchpoints to leadership a few times per week. The initial project would be to.

Monitor their organizations networks for security breaches and investigate a violation when one occurs

Install and use software, such as firewalls and data encryption programs, to protect sensitive information

Prepare reports that document security breaches and the extent of the damage caused by the breaches

Conduct penetration testing, which is when analysts simulate attacks to look for vulnerabilities in their systems before they can be exploited

Research the latest information technology (IT) security trends

Develop security standards and best practices for their organization

Recommend security enhancements to management or senior IT staff

Help computer users when they need to install or learn about new security products and procedures