Apply Now    

Senior Attack Analyst / Cyber Security Incident Response Lead (CSIR)

Job Description

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at
Cybersecurity is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Our core services are focused on assuring the security of the computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. This is accomplished through strong information risk governance, active collaboration with business risk managers, and providing high quality security solutions and services which enable improving the organization's overall risk posture.
This position is responsible for eyes on glass monitoring and resolution of security incidents. As a Senior Attack Analyst / Cyber Security Incident Response Lead you will use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
Core Responsibilities for the Senior Attack Analyst / Cyber Security Incident Response Lead (CSIR):
Incident Response: 
  • The Senior Attack Analyst will utilize their background in technology and incident response procedures to act as a subject matter in cybersecurity incident response.
  • You will be responsible for the execution of incident handling functions as well as direct response to network incidents.
  • Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
  • Provides regular monitoring, triage, and incident response to automated security alerts
  • Conduct host forensics, network, forensics, log analysis, and malware triage in support of incident response investigations.
  • Recognize and organize attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations.
  • The Senior Attack Analyst have current knowledge of attack methodology including but not limited to malicious tactics & techniques (vulnerability/penetration testing), and response procedures (TTPs).
  • Conducts as needed ad-hoc incident analysis
  • Examine network topologies to understand data flows through the network
Attack Analysis: 
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents
  • Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
  • Identifies false-positives and false-negatives from alerting
  • Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
  • Senior Attack Analyst will assist in the creation of processes/procedures, technical documentation, as well as completion of project tasks
  • Provides regular feedback to enhance our security monitoring and controls
  • Provides mentorship to tier 1 Security Analysts
  • 5 years of experience working in a Security Operations Center functioning in a Security Analysis, Incident Response, Attack Analysis, or Computer Network Defense (CND) capacity in a in a large, mission-critical environment
  • This role requires experience effectively communicating event details and technical analysis, technical audiences within the global cyber organization and other technology groups
  • TCP/IP, IPv6, UNIX, Windows, HTTP and related network tools is required
  • The ideal candidate will have a technical background with significant previous experience in a large enterprise environment with the following:
    • Comprehensive understanding of regular expressions
    • Understanding of database structure and queries
    • Knowledge of common network tools (e.g., ping, traceroute, nslookup)
    • Comprehensive understanding of network services, vulnerabilities and attacks
    • Ability to conduct packet analysis,  decode and perform packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
    • Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems
    • Knowledge of Intrusion Detection System (IDS) tools and applications
    • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
    • Experience with Malware / Reverse Engineering with ability to assist in Static and Dynamic Analysis
    • Knowledge of how to troubleshoot basic systems and identify operating systems-related issues
    • Knowledge of Windows/Unix ports,  services and command line (Unix command line
    • Comprehensive knowledge of network design, defense-in-depth principles and network security architecture
    • Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
    • Skilled in network mapping and recreating network topologies
    • Experience with a scripting language such as Perl, Ruby, Python, and BASH
    • Experience in host forensics
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment
Req #: 160008853
Location: New York, NY US
Job Category: Technology
Employment Type: Full Time
Potential Referral Amount: 5000 US Dollar (USD)

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Join Now

Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.

Keep in touch

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.