Apply Now    

Senior CyberSecurity Incident Response/ Attack Analysis - Cloud Specialist

Req #: 170078163
Location: New York, NY, US
Job Category: Technology
Potential Referral Amount: 5000 US Dollar (USD)

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.5 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.

 

Cybersecurity is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Our core services are focused on assuring the security of the computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. This is accomplished through strong information risk governance, active collaboration with business risk managers, and providing high quality security solutions and services which enable improving the organization's overall risk posture.
 

This position is responsible for eyes on glass monitoring and resolution of security incidents with a specific background in public and private cloud technologies. As a Senior Cyber Security Incident Response/ Attack Analysis Lead, you will use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

Key areas of focus include: Public/Private Cloud Engineering and Incident Response, Digital and Network Forensics, memory analysis, malware and exploit analysis, developing or finding/researching exploits. 


Core Responsibilities for the Senior Cyber Security Incident Response/ Attack Analysis Lead ::

 

Incident Response: 

  • The Senior Attack Analyst will utilize their background in cloud technology and incident response procedures to act as a subject matter in cybersecurity incident response.
  • You will be responsible for the execution of incident handling functions as well as direct response to public and private network incidents.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Provides regular monitoring, triage, and incident response to automated security alerts
  • Conduct host forensics, network, forensics, log analysis, and malware triage in support of incident response investigations.
  • Recognize and organize attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
  • The Senior Attack Analyst have current knowledge of attack methodology including but not limited to malicious tactics & techniques (vulnerability/penetration testing), and response procedures (TTPs).
  • Conducts as needed ad-hoc incident analysis
  • Examine network topologies to understand data flows through the network

Attack Analysis: 

  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts across public and private cloud and traditional network environments.
  • Coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents
  • Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
  • Identifies false-positives and false-negatives from alerting
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts

 

 


  • 5+ years of experience working in a Cyber or Information Security Operations functioning in a Security Analysis, Incident Response, Attack Analysis, or Computer Network Defense (CND) capacity in a in a large, mission-critical environment
  • This role requires experience effectively communicating event details and technical analysis, technical audiences within the global cyber organization and other technology groups
  • TCP/IP, IPv6, UNIX, Windows, HTTP and related network tools is required
  • The ideal candidate will have a technical background with significant previous experience in a large enterprise environment with the following:
    • Experience with Docker containers and at least one cluster management software – Mesos, Kubernetes, Cloud Foundry etc
    • Excellent documentation and communication skills with an ability to clearly articulate complex IaaS/ PaaS concepts to people new to Cloud Development
    • Detailed understanding of IaaS and virtualization – service orientated architecture designed around the delivery of Infrastructure components as a service
    • Proficient with configuration & release management tools like Ansible, Chef or Puppet
    • Knowledge of Cloud providers such as Amazon AWS, Microsoft Azure, Google Cloud Platform services etc.
    • Experience with Cloud Management software such as OpenStack
    • Comprehensive understanding of regular expressions
    • Understanding of database structure and queries
    • Knowledge of common network tools (e.g., ping, traceroute, nslookup)
    • Comprehensive understanding of network services, vulnerabilities and attacks
    • Ability to conduct packet analysis,  decode and perform packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
    • Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems
    • Knowledge of Intrusion Detection System (IDS) tools and applications
    • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
    • Experience with Malware / Reverse Engineering with ability to assist in Static and Dynamic Analysis
    • Knowledge of how to troubleshoot basic systems and identify operating systems-related issues
    • Knowledge of Windows/Unix ports,  services and command line (Unix command line
    • Comprehensive knowledge of network design, defense-in-depth principles and network security architecture
    • Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
    • Skilled in network mapping and recreating network topologies
    • Experience with a scripting language such as Perl, Ruby, Python, and BASH
    • Experience in host forensics

 

High Security Access (HSA)

This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Things to note

Sign in to our application system to continue your job search or update your profile.

Current employees sign in here. Contractors sign in here.

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please click here.

Important links

Click here to view the "EEO is the Law" poster.

Click here to view the "EEO is the Law" supplemental poster.

Click here to view our U.S. Pay Transparency Policy.

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.