Cybersecurity Senior Incident Response Analyst

As a member of the team within the JPMorgan Chase & Co. Security Operations Center (SOC), you will fit into a global team that provides 24x7 monitoring and incident response, acting as the frontline for attacks against the firms’ infrastructure. As a SOC analyst, your role will include triaging alerts using a security incident and event management (SIEM) solution, start-to-finish case investigation, threat hunting, file analysis, as well as getting involved in projects that aim to improve the capability of the team.

You’ll have opportunities to attend training and conferences that benefit the skillset of the team and your own. You’ll be encouraged to conduct your own hunting investigations and create rule logic to fill the gaps in monitoring that you identify or alert on upcoming threats you think may be targeted at the firm. The work you’ll do is vital, as it will protect over $18 trillion of assets under custody and $393 billion in deposits every day.

This role requires a wide variety of strengths and capabilities, including:

• Minimum of 3 years of experience working in information security, with a focus on security operations center (SOC) analysis and incident response.
• Understanding of networking TCP/IP networking, including knowledge of routing, switching, and network protocols such as HTTP(S), DNS, DHCP, SMTP, and FTP.
• Familiarity with network security technologies such as firewalls, proxies, and VPNs along with email security technologies and protocols.
• Knowledge of security threats, attack methodologies, and mitigation strategies (such as phishing, port scanning, web application attacks, DDoS, lateral movement).
• Experience performing log analysis using SIEM tools and performing packet capture (PCAP) analysis.
• Knowledge in Windows and Linux operating systems and how to investigate them for signs of compromise.
• Experience with file analysis tools and understanding of malware analysis techniques, including dynamic and static analysis, to extract indicators, write reports, and implement mitigations.
• Experience with cloud technologies and platforms, including knowledge of cloud security architecture and how an attacker can utilize these platforms.
• Ability to demonstrate a structured, analytical approach to investigating alerts and/or indicators and documenting your findings in a manner that both peer and executive level colleagues can understand.
• Appreciation of the wider roles of interconnecting and collaboration with cyber security teams (such as forensics, threat intelligence, penetration testing, vulnerability management, and red team).
• Willing to work a shift pattern that includes weekend work.

• A degree in Computer Science, Information Security, or a related field.
• Industry-recognized security certifications, such as CompTIA Security+, CySA+, or CASP+; GIAC GSEC, GCIH, or GCFA; or ISC2 CISSP or CCSP.
• Scripting knowledge (such as Python) including its application to cybersecurity use cases.
• Financial sector experience.