Security Engineer | JPMorgan Chase Global Negotiation Guide

Negotiation DNA: Core Infrastructure Systemic Pay Band AI Core Expense Public Equity (NYSE: JPM) $4.1T+ Assets Cybersecurity Operations Threat Detection & Response Regulatory Compliance

---

Compensation Benchmarks — 3-Region Model

Region	Base Salary	Stock (RSU/4yr)	Bonus	Total Comp
New York (HQ)	$155K - $210K	$40K - $65K	$33K - $53K	$228K - $328K
London	£127K / $155K - £172K / $210K	£33K / $40K - £53K / $65K	£27K / $33K - £43K / $53K	£187K / $228K - £269K / $328K
Bengaluru	₹32.3L / $39K - ₹43.8L / $53K	₹8.3L / $10K - ₹13.5L / $16K	₹6.9L / $8K - ₹11.0L / $13K	₹47.5L / $57K - ₹68.3L / $82K

Compensation reflects JPMorgan Chase's public equity structure (NYSE: JPM). RSUs vest over a standard 4-year schedule. All figures represent annual total compensation.

---

Negotiation DNA

Security Engineers at JPMorgan Chase are the original Systemic-band employees. Since 2018, when regulators mandated that JPMorgan treat cybersecurity staffing as a non-discretionary expense, security engineers have operated under the firm's most favorable compensation framework. You defend a $4.1T+ asset base against nation-state threat actors, organized cybercrime syndicates, and insider threats — a responsibility that JPMorgan's board of directors reviews quarterly and that the OCC examines annually. The firm's cybersecurity operation is one of the largest in any industry, with thousands of security professionals defending systems that process trillions of dollars in daily transactions.

The January 21, 2026 reclassification of AI as a core infrastructure expense is uniquely relevant to Security Engineers because it creates a second Systemic classification layer for security roles. Security engineers who protect AI infrastructure are now doubly Systemic — once for cybersecurity (2018 classification) and once for AI infrastructure (2026 classification). This dual Systemic designation is unprecedented and creates the strongest possible compensation argument for security engineers who work on AI system security, model integrity protection, adversarial ML defense, and AI infrastructure hardening.

For Security Engineer candidates, you enter the negotiation with the most established Systemic pay band claim of any role in this guide. The January 2026 AI reclassification does not create your Systemic status — it reinforces and amplifies it. Your negotiation should focus on achieving the ceiling of the Systemic band, not merely entering it.

---

Level Mapping

JPMorgan Level	Goldman Sachs Equivalent	Morgan Stanley Equivalent	Citi Equivalent	Bank of America Equivalent
Security Engineer (VP)	VP Cybersecurity Engineer	VP Information Security Engineer	VP Cybersecurity Analyst	VP Information Security Engineer
Scope	Multi-domain security engineering, threat detection systems, security architecture	Security product ownership	Security operations and engineering	Security tools and operations
Typical YOE	5-10 years	5-9 years	6-11 years	5-10 years
Comp Parity	$225K - $320K TC	$215K - $305K TC	$200K - $285K TC	$190K - $270K TC

---

Core Infrastructure — The Systemic Pay Band Premium

On January 21, 2026, JPMorgan Chase reclassified artificial intelligence as a core infrastructure expense, joining cybersecurity in the firm's non-discretionary budget framework. This activated "Systemic" pay bands for AI-related roles. For Security Engineers, this creates a dual Systemic classification — the original 2018 cybersecurity designation plus the 2026 AI infrastructure designation — commanding a 15-25% premium over standard technology pay bands. For a Security Engineer, this translates to $35K-$60K in additional annual total compensation.

• Dual Systemic Classification — The Strongest Position: Security Engineers are the only role in JPMorgan's technology organization with two independent Systemic classifications. The 2018 cybersecurity classification established the precedent; the January 2026 AI reclassification creates a second, overlapping classification for security engineers who protect AI infrastructure. This dual designation means your pay band floor should be higher than either single Systemic band: "I carry dual Systemic classification — cybersecurity since 2018 and AI infrastructure since January 21, 2026. No other role has two independent Systemic designations. My compensation should reflect the ceiling of the combined Systemic band — $328K TC."

• The 15-25% Premium in Dollar Terms: Standard tech band total compensation for a Security Engineer at JPMorgan ranges from $228K to $275K. Single Systemic band compensation ranges from $265K to $310K. Dual Systemic band compensation (cybersecurity + AI) ranges from $290K to $328K. The premium is distributed across all components: base salary (+$15K-$25K), RSU grants (+$10K-$20K/year), and bonus targets (+$10K-$18K). Security engineers in dual Systemic bands also receive priority access to training budgets, security clearance sponsorship, and conference attendance — benefits worth $8K-$15K annually.

• AI Security as Emerging Regulatory Requirement: Regulators are actively developing frameworks for AI system security in financial services — adversarial robustness testing, model integrity verification, data poisoning detection, and AI supply chain security. Security Engineers who specialize in these emerging requirements are positioned at the frontier of regulatory compliance. Use this: "AI security is the next major regulatory requirement. I bring expertise in adversarial ML defense, model integrity, and AI supply chain security — skills that fewer than 1,500 engineers globally possess. The dual Systemic band ceiling of $328K reflects both the existing regulatory mandate and the emerging AI security compliance requirement."

• Threat Actor Escalation as Perpetual Demand Driver: AI infrastructure at financial institutions is a high-priority target for nation-state threat actors and sophisticated cybercrime operations. The threat landscape for AI systems is expanding faster than the security talent pool. This supply-demand imbalance permanently supports top-of-band compensation: "AI systems at SIFI-designated banks are priority targets for nation-state actors. The security talent pool for AI infrastructure defense is fewer than 3,000 globally. The $328K TC I'm requesting reflects a permanent supply-demand imbalance that will only widen — locking in this compensation now is a discount versus what the market will demand in 12 months."

---

Global Levers

1. Lever 1 — Big Tech Security Engineering Parity

   "I have a competing offer as a Security Engineer at [Google/Microsoft/Amazon] at $305K total compensation. JPMorgan's security engineering role carries dual Systemic classification, regulatory examination exposure, and the responsibility of defending a $4.1T asset base against nation-state threats. I'm targeting $325K TC — Big Tech parity plus the dual Systemic premium and regulatory complexity that no Big Tech role matches."

2. Lever 2 — Clearance and Regulatory Access Premium

   "This role requires engagement with federal regulators, law enforcement agencies, and intelligence community partners. The background investigation requirements and ongoing compliance obligations warrant a $20K base salary premium over non-cleared technical roles — $200K vs. $180K base. This is standard practice for cleared security professionals in government contracting, and JPMorgan's regulatory engagement demands are comparable."

3. Lever 3 — Incident Response Readiness Premium

   "This role includes 24/7 on-call responsibility for security incidents — events that trigger mandatory regulatory reporting within 36 hours under OCC guidelines. Each incident I respond to carries potential board-level visibility and public disclosure requirements. I'm requesting a formalized incident response premium of $15K annually in addition to the base compensation package, bringing target TC to $328K."

4. Lever 4 — AI Security Specialization Scarcity

   "Fewer than 1,500 security engineers globally have demonstrated expertise in adversarial ML defense, model integrity verification, and AI supply chain security. I hold certifications in [relevant certs] and have published research in AI security. This specialization, combined with financial services domain expertise, places me in the top 0.5% of available candidates. The dual Systemic band ceiling of $328K is the minimum appropriate compensation for this skill set."

---

Negotiate Up Strategy: Target $310K TC in New York by anchoring at $345K with a competing Big Tech security offer plus dual Systemic classification. Counter any initial offer below $270K by invoking the dual Systemic classification — cybersecurity (2018) plus AI core infrastructure (2026) — this escalation adds $35K-$55K. Walk-away floor: $255K TC (New York), £205K TC (London), ₹53L TC (Bengaluru). Negotiate signing bonus separately targeting $45K-$70K, framed as forfeited equity and clearance transition costs. In London, push for the VP Systemic band and confirm dual classification carries over to UK compensation framework. In Bengaluru, negotiate for US-benchmarked RSU grants ($35K-$60K/year) and a formalized on-call/incident response premium.

---

Evidence & Sources

• JPMorgan Chase 2025 Annual Report — Cybersecurity Investment & Strategy [1]
• Levels.fyi — JPMorgan Chase Security Engineer Compensation Data [2]
• Bloomberg — JPMorgan's $600M+ Annual Cybersecurity Budget and AI Security Initiative [3]
• Financial Times — AI Core Infrastructure and Cybersecurity Dual Classification at Wall Street Banks (Jan 2026) [4]
• OCC — Cybersecurity and AI Risk Examination Guidelines for National Banks [5]
• Glassdoor — JPMorgan Chase Security Engineer Reviews & Salary [6]
• CISA — AI Security Guidelines for Critical Infrastructure (2025) [7]