JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.5 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Cybersecurity is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Our core services are focused on assuring the security of the computing environment, protecting customer and employee confidential information, and complying with regulatory requirements globally. This is accomplished through strong information risk governance, active collaboration with business risk managers, and providing high quality security solutions and services which enable improving the organization's overall risk posture.
This position is responsible for eyes-on-glass monitoring and resolution of security incidents with a specific background in public and private cloud technologies. As a Senior Cyber Security Incident Response/Attack Analysis Lead, you will use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
Key areas of focus include: Public/Private Cloud Engineering and Incident Response, Digital and Network Forensics, memory analysis, malware and exploit analysis, developing or finding/researching exploits.
Core Responsibilities for the Senior Cyber Security Incident Response/Attack Analysis Lead:
- The Senior Attack Analyst will utilize their background in cloud technology and incident response procedures to act as a subject matter expert in cybersecurity incident response.
- You will be responsible for the execution of incident handling functions as well as direct response to public and private network incidents.
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Provides regular monitoring, triage, and incident response to automated security alerts
- Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
- Recognize and organize attacker tools, tactics, and procedures into indicators of compromise (IOCs) that can be applied to current and future investigations.
- The Senior Attack Analyst has current knowledge of attack methodology including but not limited to malicious tactics & techniques (vulnerability/penetration testing), and response procedures (TTPs).
- Conducts ad-hoc incident analysis as needed
- Examine network topologies to understand data flows through the network
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts across public and private cloud and traditional network environments.
- Coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents
- Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
- Identifies false-positives and false-negatives from alerting
Experience with 2 or more areas below:
- Malware analysis/reverse engineering/exploit analysis
  - Experience in tools like IDA Pro, OllyDbg
  - Offensive Security Exploitation Expert (OSEE)
  - Offensive Security Advanced Windows Exploitation (AWE)
  - SANS SEC760: Advanced Exploit Development for Penetration Testers
  - Experience with vendor products that research exploits/CVEs (FireEye, Anti-Virus vendors, etc.)
  - Experience with offensive exploit techniques (NSA type stuff)
- Web Application Penetration Testing
  - Software engineer experienced with web application development
  - Hands-on experience with investigating or finding OWASP type vulnerabilities
  - Offensive Security certifications like:
    - Offensive Security Web Expert (OSWE)
    - Offensive Security Certified Professional (OSCP)
    - Offensive Security Certified Expert (OSCE)
- Experience with tools like EnCase, SIFT, Digital Forensics Framework, etc.
- Experience or prior roles in Linux system administration
- 5+ years of experience working in a Cyber or Information Security Operations function in a Security Analysis, Incident Response, Attack Analysis, or Computer Network Defense (CND) capacity in a large, mission-critical environment
- This role requires experience effectively communicating event details and technical analysis to technical audiences within the global cyber organization and other technology groups
- Knowledge of TCP/IP, IPv6, UNIX, Windows, HTTP and related network tools is required
- The ideal candidate will have a technical background with significant previous experience in a large enterprise environment with the following:
- Experience with Docker containers and at least one cluster management software – Mesos, Kubernetes, Cloud Foundry, etc.
- Excellent documentation and communication skills with an ability to clearly articulate complex IaaS/PaaS concepts to people new to Cloud Development
- Detailed understanding of IaaS and virtualization – service-oriented architecture designed around the delivery of Infrastructure components as a service
- Proficient with configuration & release management tools like Ansible, Chef or Puppet
- Knowledge of Cloud providers such as Amazon AWS, Microsoft Azure, Google Cloud Platform services etc.
- Experience with Cloud Management software such as OpenStack
- Comprehensive understanding of regular expressions
- Understanding of database structure and queries
- Knowledge of common network tools (e.g., ping, traceroute, nslookup)
- Comprehensive understanding of network services, vulnerabilities and attacks
- Ability to conduct packet analysis, decode and perform packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
- Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems
- Knowledge of Intrusion Detection System (IDS) tools and applications
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
- Experience with Malware / Reverse Engineering with ability to assist in Static and Dynamic Analysis
- Knowledge of how to troubleshoot basic systems and identify operating systems-related issues
- Knowledge of Windows/Unix ports, services and command line (Unix command line
- Comprehensive knowledge of network design, defense-in-depth principles and network security architecture
- Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
- Skilled in network mapping and recreating network topologies
- Experience with a scripting language such as Perl, Ruby, Python, and BASH
- Experience in host forensics
High Security Access (HSA)
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.