Apply Now    

Lead Security Analyst – Attack Analysis- VP

Req #: 170093536
Location: London, ENG, GB
Job Category: Technology
Job Description:

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the worlds most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at


Cybersecurity is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Our core services are focused on assuring the security of the computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. This is accomplished through strong information risk governance, active collaboration with business risk managers, and providing high quality security solutions and services which enable improving the organization's overall risk posture.


The Senior Security Analyst in Attack Analysis will utilize their background in technology and incident response procedures to act as a subject matter expert in incident response.  As a senior security analyst on the Attack Analysis team you will use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.


Key responsibilities include:

- You will be responsible for the execution of incident handling functions as well as direct response activities for security events/incidents

- Correlate log data from multiple sources and develop "detect" to identify adversary behavior

- Contribute to the maturity of cyber threat hunting framework within the team

- Conduct host forensics, network, forensics, log analysis, and malware triage in support of security events/incidents

- Recognize and organize attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.

- Examine network topologies to understand how data flows through the network

- Assist in the creation of processes/procedures, technical documentation, as well as completion of projects

- Develop internal tools and automate processes/work flows in support of incident response

- Work closely with security engineering to articulate and define requirements for new security products

- Provide mentorship and training to junior security analysts and contribute to their career by developing challenges and exercises

- Extensive experience working in a security role performing Security Analysis, Incident Response, Attack Analysis, or Computer Network Defense (CND) capacity in a in a large, mission-critical environment

- In-depth knowledge of SIEM products and the ability to develop advanced correlation rules

- Solid understanding network protocols and experience conducting packet analysis using appropriate tools (e.g. tcpdump, wireshark, tshark)

- Programming experience in at least one of the following languages: Python, Perl, Powershell as well as an automation mindset

- Comprehensive understanding of regular expressions

- Previous experience working in an incident response position

- Knowledge of intrusion detection methodologies (IDS/IPS) and techniques for detecting host and network-based intrusions via intrusion detection technologies

- Experience with Malware / Reverse Engineering with ability to assist in Static and Dynamic Analysis

- Familiarity with multiple operating systems (e.g., Windows, Unix, Mac)


- Experience working as a penetration/red team tester with the ability to translate adversary behavior across multiple platforms (e.g., Windows, Unix, Mac) into identifiable patterns

- Understanding of post exploitation frameworks (e.g. Powersploit/Empire, Veil) and ability to identify activity associated with their usage

- Experience working with statistics to provide context and visual representation of data (e.g. R, numpy)

- Previous experience working as part of a Computer Security Incident Response Team (CSIRT)

- Familiarity with web application vulnerabilities and OWASP Top 10


This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

The Global Attack Analysis team is a 24x7, follow-the-sun operation and as such, this person may be required to cover shift rotational days, weekends, and holidays.

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.


About J.P. Morgan’s Corporate & Investment Bank
J.P. Morgan’s Corporate & Investment Bank is a global leader across banking, markets and investor services. The world’s most important corporations, governments and institutions entrust us with their business in more than 100 countries. With $18 trillion of assets under custody and $393 billion in deposits, the Corporate & Investment Bank provides strategic advice, raises capital, manages risk and extends liquidity in markets around the world.  Further information about J.P. Morgan is available at
JPMorgan Chase & Co. offers an exceptional benefits program and a highly competitive compensation package. JPMorgan Chase & Co. is an Equal Opportunity Employer.


Closing date : 17th October 2017

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Other Information

Apply Using LinkedIn

You can also apply using your LinkedIn® profile. It may save you some time because your information will be automatically transferred into our system. Just click on the LinkedIn logo when you get to the application screen and follow the directions.

Submit an Updated Résumé

During the application process, be sure you have an up-to-date copy of your Résumé, your cover letter and any other documentation you would like to submit.