Lead Security Engineer - Cryptographic Libraries & TLS

Take on a crucial role where you'll be a key part of a high-performing team building and maintaining foundational cryptographic infrastructure. Make a real impact as you help shape the way secure communications are configured, tested, and deployed across the enterprise at one of the world's largest and most influential companies.

As a Lead Security Engineer at JPMorgan Chase within the CTC Emerging Technologies Security group, you will own and evolve a TLS abstraction layer that provides a unified interface for TLS stack configuration across Java, Python, and Node.js runtimes. You will serve as both a hands-on developer and a subject-matter expert at the intersection of network security protocols and polyglot software engineering. You will be responsible for ensuring that the library remains secure, performant, well-tested, and aligned with evolving TLS standards and enterprise security policy.


Job Responsibilities

• Design, implement, debug, and extend the TLS abstraction layer, ensuring consistent TLS configuration and behavior across Java (JSSE/Bouncy Castle), Python (ssl/OpenSSL bindings), and Node.js (built-in TLS/OpenSSL) runtimes.
• Serve as the team's subject-matter expert on TLS 1.2 and 1.3 handshake mechanics, cipher suite negotiation, certificate validation, key exchange algorithms, and session resumption - and translate that expertise into library design decisions.
• Architect clean, well-documented APIs that decouple application-level TLS intent (e.g., minimum protocol version, allowed cipher suites, certificate pinning, mutual TLS) from the platform-specific implementation details of each runtime's TLS stack.
• Build and maintain comprehensive test suites - including unit, integration, interoperability, and protocol-conformance tests - that verify correct TLS behavior across all supported runtimes and configurations. Develop test harnesses that exercise edge cases such as certificate chain validation failures, protocol downgrade scenarios, and cipher suite mismatches.
• Design, maintain, and improve CI/CD pipelines for the library, including automated builds, multi-runtime test matrices, static analysis, dependency scanning, and artifact publishing across all supported language ecosystems (Maven/Gradle, PyPI, npm).
• Triage and resolve complex TLS-related issues reported by consuming applications, including handshake failures, performance regressions, certificate trust-store misconfigurations, and runtime-specific behavioral differences.
• Monitor developments in TLS standards (IETF RFCs), cryptographic library updates (OpenSSL, Bouncy Castle), and runtime release notes to proactively assess impact on the library and plan necessary updates.
• Produce clear integration guides, migration documentation, and configuration references so that consuming teams can adopt and configure the library with minimal friction.
• Work with application teams, platform engineering, and enterprise security policy owners to gather requirements, communicate breaking changes, and align library capabilities with organizational security mandates.
• Contribute to a team culture of diversity, equity, inclusion, and mutual respect.

Required Qualifications, Capabilities, and Skills

• Bachelor's degree in Computer Science, Computer Engineering, or a related field; 7+ years of software development experience, with at least 3 years focused on security-sensitive or infrastructure-level library development.
• Strong hands-on development skills in at least two of Java, Python, and Node.js/TypeScript, with a willingness and ability to work across all three. Experience with each language's native TLS/cryptographic APIs (e.g., JSSE, Python ssl module, Node.js tls module).
• Deep understanding of TLS 1.2 and 1.3 - including handshake flows, key exchange mechanisms (ECDHE, DHE), certificate authentication (X.509, chain-of-trust, Certificate Verify), cipher suite semantics, ALPN/SNI, and session management. Familiarity with underlying cryptographic primitives (AES-GCM, ChaCha20-Poly1305, RSA, ECDSA, EdDSA, HKDF).
• Demonstrated experience designing, versioning, and maintaining libraries or SDKs consumed by other engineering teams, including thoughtful API surface design, semantic versioning, and backward-compatibility management.
• Proven experience building multi-dimensional test strategies for security-critical software, including protocol-conformance testing, cross-platform interoperability testing, and negative/adversarial test cases.
• Hands-on experience designing and maintaining CI/CD pipelines (e.g., Jenkins, GitHub Actions, or equivalent), including multi-language build matrices, automated security scanning (SAST, dependency vulnerability checks), and artifact publication.
• Strong diagnostic skills for network-level issues - comfortable using tools like Wireshark, OpenSSL CLI ( s_client , s_server ), keytool , and language-specific debuggers to trace TLS handshake failures and certificate issues.
• Solid understanding of agile development methodologies, including iterative delivery, code review discipline, and application resiliency principles.

Preferred Qualifications, Capabilities, and Skills

• Experience with cryptographic library internals such as OpenSSL, Bouncy Castle, or LibreSSL.
• Familiarity with FIPS 140-2/140-3 compliance requirements and their impact on TLS configuration and cryptographic provider selection.
• Experience with mutual TLS (mTLS) at scale, including certificate lifecycle management and automated rotation.
• Knowledge of PKI systems, HSMs, or key management infrastructure.
• Experience with container-based build and test environments (Docker, Kubernetes) and cloud platforms (AWS).
• Familiarity with performance profiling of TLS handshakes and bulk-encryption throughput across runtimes.
• Experience using AI-assisted development tools (e.g., GitHub Copilot, Claude Code ) to accelerate library development and test generation.
• Relevant certifications such as CISSP, CCSP, or vendor-specific security credentials are a plus but not required.

#CTC

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.


We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.


We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.


JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Base Pay/Salary
Palo Alto,CA $152,000.00 - $215,000.00 / year; Seattle,WA $152,000.00 - $215,000.00 / year