Senior Cyber Detection Engineer, Vice President

Singapore, Singapore

Job Description



As a Senior Cyber Detection Engineer on the Attack Analysis team, you will be part of a global team providing 24/7 monitoring and incident response, acting as the front line against attacks on the firm's infrastructure.

Key responsibilities are listed below. Please note that this is an individual contributor position:

  • Conduct advanced analysis, threat hunting, and evaluation of new security technology as well as ensuring larger technology projects at the company are ready to be integrated into the Attack Analysis team and monitoring function.
  • Provide leadership, coaching and mentoring to the team, sharing technical best practices to uplift the detection and SIEM capabilities of the team.
  • Lead the team as an expert on SIEM (primarily Splunk) and hunting exercises, and serve as a technical escalation point.
  • Lead the growth and maturity of how the bank utilizes multiple SIEM solutions for various use cases within Cyber Operations.
  • Actively pursue an effective and comprehensive detection strategy, ensuring that detections are thoroughly tested, that alerts are relevant and of value, and that playbooks are understood by cybersecurity operations teams.
  • Lead the growth and maturity in how we secure, monitor and respond to incidents on-prem as well as both private and public cloud environments.
  • Work with internal security engineering teams to ensure that Attack Analysis requirements are represented in the architecture, design and implementation of various environments.
  • Lead the design, writing and automation of detection and incident response processes and tools.
  • Research TTPs and the threat landscape, translating that research data into high quality detections.
Primary Qualifications
  • Minimum 6 years of working experience with a focus on Security Operations, Incident Response, Computer Network Operations (CNO) or Computer Network Defense (CND).
  • Bachelor's degree in Computer Science, Information Security, Digital Forensics or equivalent disciplines.
  • Excellent written and verbal communication skills to describe security events and conduct technical analysis in partnership with stakeholders across the technology and business groups.
  • Experience with creation and tuning of alerting rules from a SIEM and/or other devices in response to changing threats.
  • Ability to research TTPs and develop high fidelity detections in various tools/languages including but not limited to: Splunk, CrowdStrike, Azure Sentinel, Suricata, Snort.
  • Ability to use data science and analytical skills to identify anomalies over large datasets.
  • Experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.
  • Experience with threat hunting on a large, enterprise network both as an individual and leading hunting exercises with other team members.
  • Ability to perform packet-level analysis and strong understanding of common network protocols and the OSI model.
  • Experience using scripting languages (Python, PowerShell, Bash, etc.) to parse machine-generated data, interact with REST APIs and automate repetitive tasks.
  • Strong collaboration and stakeholder engagement skills.
Additional Technical Qualifications
  • Hands-on experience in at least one cloud platform (AWS, Azure, GCP) including infrastructure, security and cloud APIs.
  • Experience with regular expressions and their applications.
  • Experience with Digital Forensics & Incident Response processes including memory & file system analysis methodologies.
  • Experience with analyzing Endpoint Detection & Response (EDR) telemetry and excellent knowledge of operating system internals (Windows, Linux, macOS).
  • Knowledge of command-line tools across Windows and Linux.
  • Familiarity with malware analysis (both static and dynamic), binary triage, and file format analysis.
About Us: J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

About the Team: The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.

High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

JPMorgan Chase



Job Detail

  • Job Id
    JD1399842
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned