JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
The Cybersecurity organization within JPMorgan Chase & Co. provides security services to all lines of business (LOB) across JPMC. The objective of Cybersecurity is to balance both business alignment and the centralized delivery of core products and services including Security Standards, Monitoring & Protection, Assurance & Awareness, and Security Operations. Cybersecurity is designed to address the JPMC global security needs across all LOBs and the demand to leverage economies of scale across the firm.
Threat Intelligence (TI) holds the global mandate for JPMorgan Chase's cyber intelligence collection, analysis, and dissemination of finished products to JPMorgan Chase's population of security operations teams, information technology teams, and overall executive decision makers.
This team is also responsible for external engagement with peer groups and information security circles regarding cyber threats, to address events such as intrusions, malware, DDoS, unauthorized access, insider attacks and loss of proprietary information. This includes developing a deep understanding of global threat actors.
TI also plays an integral role in the intelligence driven defense of JPMC and works closely with the other cyber security teams, various lines of business, and United States Government entities to mitigate threats to the firm.
As a Threat Intelligence– Operational Analyst you will be responsible for:
- Conducting deep dive technical analysis of cyber attack tools, tactics, and procedures
- Regularly producing succinct written intelligence reports constructed from technical analysis and collected threat information for JPMC internal consumers
- Contributing cyber security perspective to discussions and decisions regarding JPMC global technology infrastructure and technology deployments
- Partnering with peer cyber operations teams to understand events and support technical analysis of malicious cyber security incidents
- Maintaining technical proficiency in the use of tools, techniques and countermeasures
- Identifying, assessing and tracking cyber threat actors and campaigns based upon technical analysis and multiple data sources.
- Tracking potential threats associated with attempted intrusions, network & host-based attacks, and coordinating incident response efforts with cyber security teams
- 4-6 year's intelligence or cyber operations experience
- 4-6 year's experience in a large, mission-critical environment
- 5+ total years technology experience
- Experience in network intrusion methods and network forensics
- Ability to apply a thorough knowledge of attacker capabilities, intentions, motives, and historical operations/targets to inform JPMC Cybersecurity strategies quickly, clearly and effectively
- Strong written and verbal communication skills; ability to understand complex problems while formally presenting them simplistically
- Bachelor's Degree in Computer Science or related field, or equivalent experience
- Delivering threat awareness and education briefings
- Significant malware analysis, virus exploitation and mitigation techniques experience
- Coding (scripting) experience e.g. Perl, VB Script, Python etc.
- Experience in partnering with major government agencies and authorities around the world
- Experience with Lockheed Martin’s Cyber Kill Chain ™ and Intelligence Driven Defense
- Experience with researching and tracking Advanced Persistent Threat (APT) campaigns
- Conducting malware analysis and reverse engineering on suspicious code, and producing detailed findings reports
- Experience of the financial industry
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.