Cybersecurity Senior Incident Response Analyst

As a member of the team within the JPMorgan Chase & Co. Security Operations Center (SOC) you will fit into a global team that provides 24x7 monitoring and incident response acting as the frontline for attacks against the firms infrastructure. As a SOC analyst your role will include triaging alerts using a security incident and event management (SIEM) solution start-to-finish case investigation threat hunting file analysis as well as getting involved in projects that aim to improve the capability of the team. Youll have opportunities to attend training and conferences that benefit the skillset of the team and your own. Youll be encouraged to conduct your own hunting investigations and create rule logic to fill the gaps in monitoring that you identify or alert on upcoming threats you think may be targeted at the firm. The work youll do is vital as it will protect over $18 trillion of assets under custody and $393 billion in deposits every day.

Qualifications

This role requires a wide variety of strengths and capabilities including:

• Minimum of 3 years of experience working in information security with a focus on security operations center (SOC) analysis and incident response.
• Understanding of networking TCP/IP networking including knowledge of routing switching and network protocols such as HTTP(S) DNS DHCP SMTP and FTP.
• Familiarity with network security technologies such as firewalls proxies and VPNs along with email security technologies and protocols.
• Knowledge of security threats attack methodologies and mitigation strategies (such as phishing port scanning web application attacks DDoS lateral movement).
• Experience performing log analysis using SIEM tools and performing packet capture (PCAP) analysis.
• Knowledge in Windows and Linux operating systems and how to investigate them for signs of compromise.
• Experience with file analysis tools and understanding of malware analysis techniques including dynamic and static analysis to extract indicators write reports and implement mitigations.
• Experience with cloud technologies and platforms including knowledge of cloud security architecture and how an attacker can utilize these platforms.
• Ability to demonstrate a structured analytical approach to investigating alerts and/or indicators and documenting your findings in a manner that both peer and executive level colleagues can understand.
• Appreciation of the wider roles of interconnecting and collaboration with cyber security teams (such as forensics threat intelligence penetration testing vulnerability management and red team).
• Willing to work a shift pattern that includes weekend work.

Highly Desired:

• A degree in Computer Science Information Security or a related field.
• Industry-recognized security certifications such as CompTIA Security CySA or CASP; GIAC GSEC GCIH or GCFA; or ISC2 CISSP or CCSP.
• Scripting knowledge (such as Python) including its application to cybersecurity use cases.
• Financial sector experience.