Connect to your Industry Cyber Risk & Security. Everybody's talking about it. Every major corporation is concerned by it. The Government is investing £1.9 billion in tackling it. We're shaping strategies and transforming technology to minimise it and we need you to join us. You'll build strong relationships within a Cyber practice with over 200 extremely talented individuals. Our team brings together people who graduated in everything from Philosophy to Law, Maths and Computer Science. Join them and you will operate at the cutting edge, enjoying the kind of professional development that will set your potential free. At Deloitte, the Cyber Identity team help our clients assess, design, and implement Identity solutions to support digital change and reduce the risk of high impact cyber-attacks. Quite simply, the Identity team help ensure our client's business can expand and adapt to the changing digital and regulatory needs in a secure and complaint manner. Connect to your career at Deloitte Deloitte drives progress. Using our vast range of expertise, we help our clients' become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more. What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. Connect to your opportunity You will have a passion and curiosity, for cyber and technology, comfortable with operating in a fastpaced environment where you will define and lead the implementation of various identity solutions that enable our clients explore new business opportunities, while reducing the risk of these changes. As an IAM technical specialist/lead, you will be responsible for: Engagement Delivery: Leading large and complex IAM engagements, you will be well versed in the Identity lifecycle and concepts as well as alignment of requirements to security frameworks like NIST. Supporting clients to define and develop their identity projects and programmes, from current state review through to CIAM strategies, roadmap development, and execution of activities to mobilise projects and programmes. Project and programme delivery, covering solution requirements definition, solution architecture, high and low-level design development, solution build / configuration / deployment / integration, supported by testing and hand-over to business as usual operational teams. Form part of digital transformation and enterprise recovery engagements delivering IAM solutions and remediation activity. Deliver broader cyber engagements where needed (across related disciplines like architecture, data security and application security) Market Development: Distilling complex technical matters into simple narratives to drive and lead conversations with senior client stakeholders. Ongoing client engagement / relationship management - building and maintaining client relationships in support of account targeting. Opportunity pursuit - engaging with clients to capture problem statements / solution requirements, developing client propositions / solutions, defining detailed delivery timelines, resource requirements and cost estimates, and supporting client pitch activity. Working with FS sector leadership to shape and refine both existing and new IAM market propositions / offerings. Connect to your skills and professional experience Whilst a bachelor's degree (or equivalent) in Computer Science or Engineering is desirable, we are more interested in your real-world professional experience and your ability to turn this into impactful client outcomes. Technical Skills: The skills we want you to ultimately have will cover: Broad enterprise identity experience across Enterprise and Customer Authentication, with demonstrable ability to build identity strategies which integrate into client enterprise architectures and beyond. Experience working in a digital transformation environment supporting the definition of Identity architecture leveraging cloud native and/or other IAM solutions. Advanced, practical experience of a variety of CIAM solutions such as ForgeRock, Ping, Microsoft Azure B2C, Okta, and Auth0 or equivalent. Advanced, practical experience of cloud hosting services including, Amazon Web Services, Microsoft Azure, Google Cloud Platform. Hands-on experience of Microsoft Active Directory/Azure AD Domain Services, Federation Services, Certificate Services, DNS and DHCP or equivalent. Hands-on experience of implementation of OAuth, OIDC and JWTs. Understanding of decentralised identity, verifiable credentials, microservices and Trust over IP architecture stack. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and presentations. Consulting Skills: Project management - Experience with waterfall and agile type methodologies, often working within client specified frameworks. Delivery team management: Managing teams across a mix of locations, cultures, and experience levels. Client stakeholder management - Strong communication and relationship skills to manage a variety of client stakeholders from CISO to Developer. In addition to the above the following are desirable: Consulting or equivalent background. Understanding of malware and the modern threat landscape. Relevant certifications (e.g. CISSP, certifications from Microsoft, ISC2, ISACA, SANS, GIAC, ECCouncil etc. or equivalent). Exposure to/Understanding of DevOps tools and repositories (e.g. Git, Azure Dev Ops, Kubernetes, Docker, Jenkins, Ansible etc.). Role based access control (RBAC) design. Practical experience with Linux operating systems. Experience with Modern Authentication concepts e.g. Self-Service Identity, Bring your own Identity, SCIM, SAML, WS-Federation, OAuth, Open ID Connect or equivalent. Ability to hold Security Clearance. Connect to your business - Technology and Transformation Distinctive thinking, deep expertise, innovation and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest tech and transformational challenges around, join us. Together, we'll make an impact that matters. Cyber The modern world is more complex than ever before, and we are navigating an ever-changing landscape. We help clients to operate with resilience and grow with confidence to secure success and minimise risk. Personal independence Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints (e.g., in relation to any financial interests and employment relationships). This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm, and also prohibitions on certain employment relationships (e.g., you are not permitted to hold a secondary employment role with SEC audit clients of the firm whilst being employed by the firm). The recruitment team will provide further detail as you progress through the recruitment process or you can contact the Independence team upon request. Connect with your colleagues "Join Deloitte and you'll be guiding major clients to their best technology and process decisions. You'll work at the cutting edge, with some of the finest minds in this field, and be able to take your career in any direction." - Deloitte employee "At Deloitte, is collaboration that sets us apart. Our scale and structure mean you can draw on all kinds of expertise from across our entire global business and behave as a true business partner for your clients." - Deloitte employee Our hybrid working policy You'll be based in London with hybrid working. At Deloitte we understand the importance of balancing your career alongside your home life. That's why we'll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you'll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You'll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role. Connect to your return to work opportunity Are you looking to return to the workplace after an extended career break? For this role we can offer coaching and support designed for returners to refresh your knowledge and skills . click apply for full job details
14/03/2026
Full time
Connect to your Industry Cyber Risk & Security. Everybody's talking about it. Every major corporation is concerned by it. The Government is investing £1.9 billion in tackling it. We're shaping strategies and transforming technology to minimise it and we need you to join us. You'll build strong relationships within a Cyber practice with over 200 extremely talented individuals. Our team brings together people who graduated in everything from Philosophy to Law, Maths and Computer Science. Join them and you will operate at the cutting edge, enjoying the kind of professional development that will set your potential free. At Deloitte, the Cyber Identity team help our clients assess, design, and implement Identity solutions to support digital change and reduce the risk of high impact cyber-attacks. Quite simply, the Identity team help ensure our client's business can expand and adapt to the changing digital and regulatory needs in a secure and complaint manner. Connect to your career at Deloitte Deloitte drives progress. Using our vast range of expertise, we help our clients' become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more. What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. Connect to your opportunity You will have a passion and curiosity, for cyber and technology, comfortable with operating in a fastpaced environment where you will define and lead the implementation of various identity solutions that enable our clients explore new business opportunities, while reducing the risk of these changes. As an IAM technical specialist/lead, you will be responsible for: Engagement Delivery: Leading large and complex IAM engagements, you will be well versed in the Identity lifecycle and concepts as well as alignment of requirements to security frameworks like NIST. Supporting clients to define and develop their identity projects and programmes, from current state review through to CIAM strategies, roadmap development, and execution of activities to mobilise projects and programmes. Project and programme delivery, covering solution requirements definition, solution architecture, high and low-level design development, solution build / configuration / deployment / integration, supported by testing and hand-over to business as usual operational teams. Form part of digital transformation and enterprise recovery engagements delivering IAM solutions and remediation activity. Deliver broader cyber engagements where needed (across related disciplines like architecture, data security and application security) Market Development: Distilling complex technical matters into simple narratives to drive and lead conversations with senior client stakeholders. Ongoing client engagement / relationship management - building and maintaining client relationships in support of account targeting. Opportunity pursuit - engaging with clients to capture problem statements / solution requirements, developing client propositions / solutions, defining detailed delivery timelines, resource requirements and cost estimates, and supporting client pitch activity. Working with FS sector leadership to shape and refine both existing and new IAM market propositions / offerings. Connect to your skills and professional experience Whilst a bachelor's degree (or equivalent) in Computer Science or Engineering is desirable, we are more interested in your real-world professional experience and your ability to turn this into impactful client outcomes. Technical Skills: The skills we want you to ultimately have will cover: Broad enterprise identity experience across Enterprise and Customer Authentication, with demonstrable ability to build identity strategies which integrate into client enterprise architectures and beyond. Experience working in a digital transformation environment supporting the definition of Identity architecture leveraging cloud native and/or other IAM solutions. Advanced, practical experience of a variety of CIAM solutions such as ForgeRock, Ping, Microsoft Azure B2C, Okta, and Auth0 or equivalent. Advanced, practical experience of cloud hosting services including, Amazon Web Services, Microsoft Azure, Google Cloud Platform. Hands-on experience of Microsoft Active Directory/Azure AD Domain Services, Federation Services, Certificate Services, DNS and DHCP or equivalent. Hands-on experience of implementation of OAuth, OIDC and JWTs. Understanding of decentralised identity, verifiable credentials, microservices and Trust over IP architecture stack. Detail oriented and strong problem-solving skills. Excellent oral and written communication skills including concisely communicating status and creating customer reports and presentations. Consulting Skills: Project management - Experience with waterfall and agile type methodologies, often working within client specified frameworks. Delivery team management: Managing teams across a mix of locations, cultures, and experience levels. Client stakeholder management - Strong communication and relationship skills to manage a variety of client stakeholders from CISO to Developer. In addition to the above the following are desirable: Consulting or equivalent background. Understanding of malware and the modern threat landscape. Relevant certifications (e.g. CISSP, certifications from Microsoft, ISC2, ISACA, SANS, GIAC, ECCouncil etc. or equivalent). Exposure to/Understanding of DevOps tools and repositories (e.g. Git, Azure Dev Ops, Kubernetes, Docker, Jenkins, Ansible etc.). Role based access control (RBAC) design. Practical experience with Linux operating systems. Experience with Modern Authentication concepts e.g. Self-Service Identity, Bring your own Identity, SCIM, SAML, WS-Federation, OAuth, Open ID Connect or equivalent. Ability to hold Security Clearance. Connect to your business - Technology and Transformation Distinctive thinking, deep expertise, innovation and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest tech and transformational challenges around, join us. Together, we'll make an impact that matters. Cyber The modern world is more complex than ever before, and we are navigating an ever-changing landscape. We help clients to operate with resilience and grow with confidence to secure success and minimise risk. Personal independence Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints (e.g., in relation to any financial interests and employment relationships). This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm, and also prohibitions on certain employment relationships (e.g., you are not permitted to hold a secondary employment role with SEC audit clients of the firm whilst being employed by the firm). The recruitment team will provide further detail as you progress through the recruitment process or you can contact the Independence team upon request. Connect with your colleagues "Join Deloitte and you'll be guiding major clients to their best technology and process decisions. You'll work at the cutting edge, with some of the finest minds in this field, and be able to take your career in any direction." - Deloitte employee "At Deloitte, is collaboration that sets us apart. Our scale and structure mean you can draw on all kinds of expertise from across our entire global business and behave as a true business partner for your clients." - Deloitte employee Our hybrid working policy You'll be based in London with hybrid working. At Deloitte we understand the importance of balancing your career alongside your home life. That's why we'll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you'll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You'll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role. Connect to your return to work opportunity Are you looking to return to the workplace after an extended career break? For this role we can offer coaching and support designed for returners to refresh your knowledge and skills . click apply for full job details
Join us as a Senior Security Engineer for CIAM at Barclays, where you will bring to life a new digital platform capability, transforming and modernising our digital estate to build a market-leading digital offering with customer experience at its heart. This is an exciting and key role, partnering with business aligned engineering and product teams, to ensure a collaborative team culture is at the heart of what we do. To be successful in this role you should have: Experience across configuration and integration with Hardware Security Module (HSM) and AWS Secrets Manager (ASM) tooling, certificate lifecycle management, e.g. rotation, revocation, and in automating security workflows Experience using GitLab CI/CD pipelines, AWS CLI or Chef. Strong experience with Cloud Security expertise across the following areas: AWS security controls, policies and automation, CLI tools, role based and attribute-based access controls, cryptographic protocols and secure key lifecycle management, advanced threat modelling, SOC operations, securing microservices and APIs, DevSecOps best practices, vulnerability scanning, tools, approaches, vulnerability patching and vendor management for security Strong experience in penetration testing and hands-on coding in at least one of the following: JavaScript, Java, Python. Some other highly desirable skills include: Experience in hands-on configuration, deployment and operation of ForgeRock COTS based IAM solutions (PingGateway, PingAM, PingIDM, PingDS) with embedded security gates, HTTP header signing, access token and data at rest encryption, PKI based self-sovereign identity, or open source You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen strategic thinking and digital and technology, as well as job-specific technical skills. This role will be based out of our London office. Purpose of the role To develop, implement and maintain solutions that support the safeguarding of the banks systems and sensitive information. Accountabilities Provision of subject matter expertise on security systems and engineering patterns. Development and implementation of protocols, algorithms, and software applications to protect sensitive data and systems. Management and protection of secrets, ensuring that they are securely generated, stored, and used. Execution of audits to monitor, identify and assess vulnerabilities in the banks infrastructure/software and support the response to potential security breaches. Identification of advancements in to support the innovation and adoption of new cryptographic technologies and techniques. Collaboration across the bank, including developers and security teams, to ensure that cryptographic solutions align with business objectives, security policies and regulatory requirements. Development/ Implementation and maintenance of Identity and Access Management solutions and systems. Vice President Expectations To contribute or set strategy, drive requirements and make recommendations for change. Plan resources, budgets, and policies; manage and maintain policies/ processes; deliver continuous improvements and escalate breaches of policies/procedures If managing a team, they define jobs and responsibilities, planning for the department's future needs and operations, counselling employees on performance and contributing to employee pay decisions/changes. They may also lead a number of specialists to influence the operations of a department, in alignment with strategic as well as tactical priorities, while balancing short and long term goals and ensuring that budgets and schedules meet corporate requirements If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others OR for an individual contributor, they will be a subject matter expert within own discipline and will guide technical direction. They will lead collaborative, multi-year assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions Advise key stakeholders, including functional leadership teams and senior management on functional and cross functional areas of impact and alignment. Manage and mitigate risks through assessment, in support of the control and governance agenda. Demonstrate leadership and accountability for managing risk and strengthening controls in relation to the work your team does. Demonstrate comprehensive understanding of the organisation functions to contribute to achieving the goals of the business. Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategies. Create solutions based on sophisticated analytical thought comparing and selecting complex alternatives. In-depth analysis with interpretative thinking will be required to define problems and develop innovative solutions. Adopt and include the outcomes of extensive research in problem solving processes. Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes. All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship - our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset - to Empower, Challenge and Drive - the operating manual for how we behave.
03/10/2025
Full time
Join us as a Senior Security Engineer for CIAM at Barclays, where you will bring to life a new digital platform capability, transforming and modernising our digital estate to build a market-leading digital offering with customer experience at its heart. This is an exciting and key role, partnering with business aligned engineering and product teams, to ensure a collaborative team culture is at the heart of what we do. To be successful in this role you should have: Experience across configuration and integration with Hardware Security Module (HSM) and AWS Secrets Manager (ASM) tooling, certificate lifecycle management, e.g. rotation, revocation, and in automating security workflows Experience using GitLab CI/CD pipelines, AWS CLI or Chef. Strong experience with Cloud Security expertise across the following areas: AWS security controls, policies and automation, CLI tools, role based and attribute-based access controls, cryptographic protocols and secure key lifecycle management, advanced threat modelling, SOC operations, securing microservices and APIs, DevSecOps best practices, vulnerability scanning, tools, approaches, vulnerability patching and vendor management for security Strong experience in penetration testing and hands-on coding in at least one of the following: JavaScript, Java, Python. Some other highly desirable skills include: Experience in hands-on configuration, deployment and operation of ForgeRock COTS based IAM solutions (PingGateway, PingAM, PingIDM, PingDS) with embedded security gates, HTTP header signing, access token and data at rest encryption, PKI based self-sovereign identity, or open source You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen strategic thinking and digital and technology, as well as job-specific technical skills. This role will be based out of our London office. Purpose of the role To develop, implement and maintain solutions that support the safeguarding of the banks systems and sensitive information. Accountabilities Provision of subject matter expertise on security systems and engineering patterns. Development and implementation of protocols, algorithms, and software applications to protect sensitive data and systems. Management and protection of secrets, ensuring that they are securely generated, stored, and used. Execution of audits to monitor, identify and assess vulnerabilities in the banks infrastructure/software and support the response to potential security breaches. Identification of advancements in to support the innovation and adoption of new cryptographic technologies and techniques. Collaboration across the bank, including developers and security teams, to ensure that cryptographic solutions align with business objectives, security policies and regulatory requirements. Development/ Implementation and maintenance of Identity and Access Management solutions and systems. Vice President Expectations To contribute or set strategy, drive requirements and make recommendations for change. Plan resources, budgets, and policies; manage and maintain policies/ processes; deliver continuous improvements and escalate breaches of policies/procedures If managing a team, they define jobs and responsibilities, planning for the department's future needs and operations, counselling employees on performance and contributing to employee pay decisions/changes. They may also lead a number of specialists to influence the operations of a department, in alignment with strategic as well as tactical priorities, while balancing short and long term goals and ensuring that budgets and schedules meet corporate requirements If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others OR for an individual contributor, they will be a subject matter expert within own discipline and will guide technical direction. They will lead collaborative, multi-year assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions Advise key stakeholders, including functional leadership teams and senior management on functional and cross functional areas of impact and alignment. Manage and mitigate risks through assessment, in support of the control and governance agenda. Demonstrate leadership and accountability for managing risk and strengthening controls in relation to the work your team does. Demonstrate comprehensive understanding of the organisation functions to contribute to achieving the goals of the business. Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategies. Create solutions based on sophisticated analytical thought comparing and selecting complex alternatives. In-depth analysis with interpretative thinking will be required to define problems and develop innovative solutions. Adopt and include the outcomes of extensive research in problem solving processes. Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes. All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship - our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset - to Empower, Challenge and Drive - the operating manual for how we behave.
Job Description As a Lead Software Engineer at JPMorganChase within the Cloud Foundational Services Public Cloud Engineering organisation, you are an integral part of an agile team that works to enhance, build, and deliver high quality technology products in a secure, stable, and scalable way. As a core technical contributor, your knowledge and contributions will significantly influence the business, and your deep technical comprehension and problem-solving abilities will be utilized to tackle a broad spectrum of challenges across diverse technologies and applications. Job responsibilities Executes creative software solutions, design, development, and technical troubleshooting with ability to think beyond routine or conventional approaches to build solutions or break down technical problems Develops secure high-quality production code, and reviews and debugs code written by others Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall operational stability of software applications and systems Leads evaluation sessions with external vendors, startups, and internal teams to drive outcomes-oriented probing of architectural designs, technical credentials, and applicability for use within existing systems and information architecture Influences peers and thought leaders to drive awareness and use of new and leading-edge technologies Adds to team culture of diversity, opportunity, inclusion, and respect Ensures compliance with security and regulatory requirements for the cloud Collaborates with other cloud platform engineering teams to enable the delivery of high-quality, secure, and scalable applications on the cloud Required qualifications, capabilities, and skills Formal training or certification in Computer Science or as a technical architect with 5+ years of applied experience in AWS services (EKS, ECS, EC2, VPC, S3, IAM, Lambda, DynamoDB, Route53, ELB), Terraform for Infrastructure as Code (IaC), and practical cloud-native experience. Proficiency in automation and continuous delivery methods, including CI/CD pipelines and tools such as Jenkins and Spinnaker. Experience with version control systems, particularly Git. Proficiency in at least one programming language, particularly Python or Go, and proficient in all aspects of the Software Development Life Cycle. Experience with sentinel policy, knowledge of security best practices in cloud environments, and a strong understanding of networking concepts, including DNS and load balancing Familiarity with containerization technologies such as Docker and Kubernetes. Ability to tackle design and functionality problems independently with little to no oversight. Hands-on practical experience delivering system design, application development, testing, and operational stability. Demonstrated proficiency in software applications and technical processes within a technical discipline (e.g., cloud, AI, machine learning, mobile) and in-depth knowledge of the financial services industry and their IT systems. Preferred qualifications, capabilities, and skills An AWS Certification such AWS Certified Solutions Architect, or AWS Certified Developer. HashiCorp Certified: Terraform Associate. Experience with other cloud providers such as Azure or Google Cloud Platform. Experience using the vCluster platform Ability to rapidly learn and adapt to new technologies. Preferred qualifications, capabilities, and skills An AWS Certification such AWS Certified Solutions Architect, or AWS Certified Developer. HashiCorp Certified: Terraform Associate. Experience with other cloud providers such as Azure or Google Cloud Platform. Experience using the vCluster platform Ability to rapidly learn and adapt to new technologies. About Us J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives. We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation. About The Team Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.
01/09/2025
Full time
Job Description As a Lead Software Engineer at JPMorganChase within the Cloud Foundational Services Public Cloud Engineering organisation, you are an integral part of an agile team that works to enhance, build, and deliver high quality technology products in a secure, stable, and scalable way. As a core technical contributor, your knowledge and contributions will significantly influence the business, and your deep technical comprehension and problem-solving abilities will be utilized to tackle a broad spectrum of challenges across diverse technologies and applications. Job responsibilities Executes creative software solutions, design, development, and technical troubleshooting with ability to think beyond routine or conventional approaches to build solutions or break down technical problems Develops secure high-quality production code, and reviews and debugs code written by others Identifies opportunities to eliminate or automate remediation of recurring issues to improve overall operational stability of software applications and systems Leads evaluation sessions with external vendors, startups, and internal teams to drive outcomes-oriented probing of architectural designs, technical credentials, and applicability for use within existing systems and information architecture Influences peers and thought leaders to drive awareness and use of new and leading-edge technologies Adds to team culture of diversity, opportunity, inclusion, and respect Ensures compliance with security and regulatory requirements for the cloud Collaborates with other cloud platform engineering teams to enable the delivery of high-quality, secure, and scalable applications on the cloud Required qualifications, capabilities, and skills Formal training or certification in Computer Science or as a technical architect with 5+ years of applied experience in AWS services (EKS, ECS, EC2, VPC, S3, IAM, Lambda, DynamoDB, Route53, ELB), Terraform for Infrastructure as Code (IaC), and practical cloud-native experience. Proficiency in automation and continuous delivery methods, including CI/CD pipelines and tools such as Jenkins and Spinnaker. Experience with version control systems, particularly Git. Proficiency in at least one programming language, particularly Python or Go, and proficient in all aspects of the Software Development Life Cycle. Experience with sentinel policy, knowledge of security best practices in cloud environments, and a strong understanding of networking concepts, including DNS and load balancing Familiarity with containerization technologies such as Docker and Kubernetes. Ability to tackle design and functionality problems independently with little to no oversight. Hands-on practical experience delivering system design, application development, testing, and operational stability. Demonstrated proficiency in software applications and technical processes within a technical discipline (e.g., cloud, AI, machine learning, mobile) and in-depth knowledge of the financial services industry and their IT systems. Preferred qualifications, capabilities, and skills An AWS Certification such AWS Certified Solutions Architect, or AWS Certified Developer. HashiCorp Certified: Terraform Associate. Experience with other cloud providers such as Azure or Google Cloud Platform. Experience using the vCluster platform Ability to rapidly learn and adapt to new technologies. Preferred qualifications, capabilities, and skills An AWS Certification such AWS Certified Solutions Architect, or AWS Certified Developer. HashiCorp Certified: Terraform Associate. Experience with other cloud providers such as Azure or Google Cloud Platform. Experience using the vCluster platform Ability to rapidly learn and adapt to new technologies. About Us J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives. We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation. About The Team Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.
Malware Reverse Engineer Location: Remote working - Office based in Reading Salary: Competitive Salary and Benefits Career Level : Specialist, Associate Manager or Manager About Accenture Cyber Threat Intelligence (ACTI) ACTI is a global team that spans 13 countries and 4 continents and speaks more than 30 languages. We are passionate about delivering intelligence analysis, and providing industry-leading analytic insights, cyber context, and critical services our clients need to achieve their business-line and strategic-growth initiatives. We know success is only possible by developing and supporting our most-critical resources: our talented analysts, developers, and supporting team members. We value creativity and entrepreneurship in our team; where possible, we back staff initiatives with opportunities and investments. We enjoy the hunt. We strive to automate and innovate while working with powerful resources and differentiated data. Above all else, we value an egoless approach to guiding our clients as they navigate their businesses through all aspects of the cyber domain. Who You Are You are passionate about cybersecurity and intelligence analysis. You stay abreast of the latest threats, recognize the value of intelligence, and believe it should drive operations. You are a devoted team member who is always willing to lend a hand, mentor a colleague, or increase our global team's awareness by sharing your knowledge and approaches with others. You are productive, easy to work with, and understand that adherence to a good process is key to excellence. Role Description As a Malware Reverse Engineer at ACTI, you will reverse engineer and analyze malware to evaluate sophisticated malicious code to settle malware capabilities and purposes. Analysis includes the use of specialized systems and tools, including dissemblers, debuggers, hex editors, unpackers, virtual machines, and those for network traffic analysis. Key Responsibilities Analyze malicious events and campaigns to determine attack vectors and retrieve malware payloads. Reverse engineer files suspected or known to belong to identified malware families to determine their command-and-control (C2) infrastructure and targeting. Incorporate analysis results into detailed reporting to include purpose, behavior, C2 server infrastructure, and mitigation techniques related to analyzed malware families, malicious campaigns, and events. Track prevailing malware families, including downloaders, banking Trojans, information stealers, ransomware, and remote access Trojans. Reverse engineer recently discovered malware variants to check potential feature augmentation or configuration structure changes. Improve existing tools that extract known malware family configurations based on reverse engineering results. Research the latest malware detection evasion techniques, such as use of customized packers, customized crypters, fully undetectable (FUD) techniques, host intrusion prevention system (HIPS) bypassing, and anti-virus (AV) software bypassing. Based on research, design and develop generic unpacking methods and tools for use as standalone tools or within automated analysis systems and sandboxes. Provide customer support by responding to requests related to suspicious file analysis that sometimes require malware reverse engineering and determination of contextual information surrounding indicators of compromise; do so by providing detailed analysis reports and mitigation recommendations. Provide customer support by responding to cybersecurity requests, including those for: open-source intelligence (OSINT) research; domain, IP address, or URL analysis; malicious campaign information; and/or event attribution. Provide answers to specific questions, the answers of which clients use for operational mentorship to aid their strategies. Design, develop, and implement Windows kernel modules to support automated malware analysis; such modules include kernel system service filtering modules able to intercept operating system services on 32-bit and 64-bit Windows operating systems without triggering those systems' self-protection mechanisms, and kernel-mode modules able to force designated processes to load specific modules that load decoders designed for extracting malware configurations. Design, develop, and implement generic unpackers that combat widely used malware packing methods to retrieve malicious payloads from packed malware samples automatically. Create detection rules and signatures for detecting malware families, and provide detection or blocking recommendations. Develop decoders to extract malware configurations-including basic C2 settings or secondary dynamic configurations, such as those outlining targeted institutions and web injects-based on reverse engineering results. Provide junior engineers with technical training, including: training on malware analysis; reverse engineering; Windows internals; and development, identification, unpacking, and de-obfuscation of malicious code. Travel occasionally as this position may require doing so to address client needs, improve results, or otherwise support projects. Basic Qualifications Bachelor's Degree in Computer Forensics, Science, Engineering, Information Systems, or another related security field, or comparable experience. Experience with malware analysis, reverse engineering, and development. Ability to write, understand, and/or analyze code in programming and scripting languages, including Assembly x86/x64, C, C++, Python, JavaScript, Java, PHP, and HTML. Basic knowledge of and experience with malware packers, crypters, and obfuscation techniques. Understanding of operating system internals and the Windows API. Experience with debuggers, decompilers, and network traffic analysis tools. Development experience in Assembly, Python, C, or C++. Strong understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.). Practical understanding of malware analysis and/or reverse engineering, and the ability to develop malware detection signatures (e.g. YARA). Required Skills Ability to analyze and unpack obfuscated code. Strong written and verbal skills; can communicate complex concepts at a high level while retaining accuracy and highlighting features in a way that improves audience engagement. Strong problem solving and critical thinking capabilities. Desired Skills Two or more years of experience in malware analysis, reverse engineering, and development fields. Deep understanding of operating system internals and the Windows API. Ability to work with a high degree of independence. Ability to collaborate in a team environment to focus on a common goal. Show more Show less Qualifications What's in it for you At Accenture in addition to a competitive basic salary, you will alsohave an extensive benefits package which includes 25days' vacation per year, gym subsidy, private medical insurance and 3 extra days leave per year for charitable work of your choice! About Accenture Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries - powered by the world's largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at Accenture is an equal opportunities employer and encourages applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law. Closing Date for Applications: 30/10/2022 Accenture reserves the right to close the role prior to this date should a suitable applicant be found.
24/09/2022
Full time
Malware Reverse Engineer Location: Remote working - Office based in Reading Salary: Competitive Salary and Benefits Career Level : Specialist, Associate Manager or Manager About Accenture Cyber Threat Intelligence (ACTI) ACTI is a global team that spans 13 countries and 4 continents and speaks more than 30 languages. We are passionate about delivering intelligence analysis, and providing industry-leading analytic insights, cyber context, and critical services our clients need to achieve their business-line and strategic-growth initiatives. We know success is only possible by developing and supporting our most-critical resources: our talented analysts, developers, and supporting team members. We value creativity and entrepreneurship in our team; where possible, we back staff initiatives with opportunities and investments. We enjoy the hunt. We strive to automate and innovate while working with powerful resources and differentiated data. Above all else, we value an egoless approach to guiding our clients as they navigate their businesses through all aspects of the cyber domain. Who You Are You are passionate about cybersecurity and intelligence analysis. You stay abreast of the latest threats, recognize the value of intelligence, and believe it should drive operations. You are a devoted team member who is always willing to lend a hand, mentor a colleague, or increase our global team's awareness by sharing your knowledge and approaches with others. You are productive, easy to work with, and understand that adherence to a good process is key to excellence. Role Description As a Malware Reverse Engineer at ACTI, you will reverse engineer and analyze malware to evaluate sophisticated malicious code to settle malware capabilities and purposes. Analysis includes the use of specialized systems and tools, including dissemblers, debuggers, hex editors, unpackers, virtual machines, and those for network traffic analysis. Key Responsibilities Analyze malicious events and campaigns to determine attack vectors and retrieve malware payloads. Reverse engineer files suspected or known to belong to identified malware families to determine their command-and-control (C2) infrastructure and targeting. Incorporate analysis results into detailed reporting to include purpose, behavior, C2 server infrastructure, and mitigation techniques related to analyzed malware families, malicious campaigns, and events. Track prevailing malware families, including downloaders, banking Trojans, information stealers, ransomware, and remote access Trojans. Reverse engineer recently discovered malware variants to check potential feature augmentation or configuration structure changes. Improve existing tools that extract known malware family configurations based on reverse engineering results. Research the latest malware detection evasion techniques, such as use of customized packers, customized crypters, fully undetectable (FUD) techniques, host intrusion prevention system (HIPS) bypassing, and anti-virus (AV) software bypassing. Based on research, design and develop generic unpacking methods and tools for use as standalone tools or within automated analysis systems and sandboxes. Provide customer support by responding to requests related to suspicious file analysis that sometimes require malware reverse engineering and determination of contextual information surrounding indicators of compromise; do so by providing detailed analysis reports and mitigation recommendations. Provide customer support by responding to cybersecurity requests, including those for: open-source intelligence (OSINT) research; domain, IP address, or URL analysis; malicious campaign information; and/or event attribution. Provide answers to specific questions, the answers of which clients use for operational mentorship to aid their strategies. Design, develop, and implement Windows kernel modules to support automated malware analysis; such modules include kernel system service filtering modules able to intercept operating system services on 32-bit and 64-bit Windows operating systems without triggering those systems' self-protection mechanisms, and kernel-mode modules able to force designated processes to load specific modules that load decoders designed for extracting malware configurations. Design, develop, and implement generic unpackers that combat widely used malware packing methods to retrieve malicious payloads from packed malware samples automatically. Create detection rules and signatures for detecting malware families, and provide detection or blocking recommendations. Develop decoders to extract malware configurations-including basic C2 settings or secondary dynamic configurations, such as those outlining targeted institutions and web injects-based on reverse engineering results. Provide junior engineers with technical training, including: training on malware analysis; reverse engineering; Windows internals; and development, identification, unpacking, and de-obfuscation of malicious code. Travel occasionally as this position may require doing so to address client needs, improve results, or otherwise support projects. Basic Qualifications Bachelor's Degree in Computer Forensics, Science, Engineering, Information Systems, or another related security field, or comparable experience. Experience with malware analysis, reverse engineering, and development. Ability to write, understand, and/or analyze code in programming and scripting languages, including Assembly x86/x64, C, C++, Python, JavaScript, Java, PHP, and HTML. Basic knowledge of and experience with malware packers, crypters, and obfuscation techniques. Understanding of operating system internals and the Windows API. Experience with debuggers, decompilers, and network traffic analysis tools. Development experience in Assembly, Python, C, or C++. Strong understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.). Practical understanding of malware analysis and/or reverse engineering, and the ability to develop malware detection signatures (e.g. YARA). Required Skills Ability to analyze and unpack obfuscated code. Strong written and verbal skills; can communicate complex concepts at a high level while retaining accuracy and highlighting features in a way that improves audience engagement. Strong problem solving and critical thinking capabilities. Desired Skills Two or more years of experience in malware analysis, reverse engineering, and development fields. Deep understanding of operating system internals and the Windows API. Ability to work with a high degree of independence. Ability to collaborate in a team environment to focus on a common goal. Show more Show less Qualifications What's in it for you At Accenture in addition to a competitive basic salary, you will alsohave an extensive benefits package which includes 25days' vacation per year, gym subsidy, private medical insurance and 3 extra days leave per year for charitable work of your choice! About Accenture Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries - powered by the world's largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at Accenture is an equal opportunities employer and encourages applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law. Closing Date for Applications: 30/10/2022 Accenture reserves the right to close the role prior to this date should a suitable applicant be found.
One of the world's leading e-trading company listed on NASDAQ is looking for Cloud Engineer with extensive experience in AWS for a permanent/contract role in London, UK Skills: Cloud Formation, Ansible, General Infra (EC2/EBS/EFS/Networks), General Security (Encryption/SSM/KMS/IAM) AWS Services: Sagemaker, S3, API Gateway, ROSA, Elastic Search Role Details: Cloud Security Engineer looking for a chance to create and implement cutting-edge, scalable, and resilient cloud security for a FinTech global company. Work alongside DevOps, Architects, Product, and Developers, introducing and implementing best practices to our SaaS application environment. As our new Cloud Security Engineer, you will own, run, and manage all security aspects across our flagship product landscape and within all areas of the development life cycle. You will provide security advice and guidance through knowledge sharing and training to various stakeholders using Cloud/AWS solutions and infrastructure. You will be both hands-on and strategic as you design and implement security for internal and external-facing AWS applications and systems You have the technical and analytical skills to identify, initiate, configure and deploy cloud security across internal and external applications globally. Ideally, you have security certification such as CISSP or CCSP or CCSK or any AWS Certified Professional or Specialty certification (eg, AWS Certified Security Specialty). You have hands-on experience in security or engineering operations of AWS services, including basic compute and storage (EC2, EBS, S3), networking (VPC), and exposure to security services (Encryption/SSM/KMS/IAM ). You have a first-hand understanding of Cyber and Information Security, preferably at a large organisation, including experience: Assessing new and existing cloud implementations, identifying security issues, misconfigurations, and prioritising fixes/remediation. Analysing Enterprise IT and Information Security concepts like Network, Storage, Virtualisation, Identity Management, Encryption, and Server Management. You have strong verbal and written communication skills
11/09/2021
Full time
One of the world's leading e-trading company listed on NASDAQ is looking for Cloud Engineer with extensive experience in AWS for a permanent/contract role in London, UK Skills: Cloud Formation, Ansible, General Infra (EC2/EBS/EFS/Networks), General Security (Encryption/SSM/KMS/IAM) AWS Services: Sagemaker, S3, API Gateway, ROSA, Elastic Search Role Details: Cloud Security Engineer looking for a chance to create and implement cutting-edge, scalable, and resilient cloud security for a FinTech global company. Work alongside DevOps, Architects, Product, and Developers, introducing and implementing best practices to our SaaS application environment. As our new Cloud Security Engineer, you will own, run, and manage all security aspects across our flagship product landscape and within all areas of the development life cycle. You will provide security advice and guidance through knowledge sharing and training to various stakeholders using Cloud/AWS solutions and infrastructure. You will be both hands-on and strategic as you design and implement security for internal and external-facing AWS applications and systems You have the technical and analytical skills to identify, initiate, configure and deploy cloud security across internal and external applications globally. Ideally, you have security certification such as CISSP or CCSP or CCSK or any AWS Certified Professional or Specialty certification (eg, AWS Certified Security Specialty). You have hands-on experience in security or engineering operations of AWS services, including basic compute and storage (EC2, EBS, S3), networking (VPC), and exposure to security services (Encryption/SSM/KMS/IAM ). You have a first-hand understanding of Cyber and Information Security, preferably at a large organisation, including experience: Assessing new and existing cloud implementations, identifying security issues, misconfigurations, and prioritising fixes/remediation. Analysing Enterprise IT and Information Security concepts like Network, Storage, Virtualisation, Identity Management, Encryption, and Server Management. You have strong verbal and written communication skills
