JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Cybersecurity is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Our core services are focused on assuring the security of the computing environment, protecting customer and employee confidential information, and complying with regulatory requirements globally. This is accomplished through strong information risk governance, active collaboration with business risk managers, and providing high quality security solutions and services which enable improving the organization's overall risk posture.
This position is responsible for eyes on glass monitoring and resolution of security incidents. As a Senior Attack Analyst / Cyber Security Incident Response Lead you will use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
Core Responsibilities for the Senior Attack Analyst / Cyber Security Incident Response Lead (CSIR):
- The Senior Attack Analyst will utilize their background in technology and incident response procedures to act as a subject matter expert in cybersecurity incident response.
- You will be responsible for the execution of incident handling functions as well as direct response to network incidents.
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation
- Provides regular monitoring, triage, and incident response to automated security alerts
- Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
- Recognize and organize attacker tools, tactics, and procedures into indicators of compromise (IOCs) that can be applied to current and future investigations.
- The Senior Attack Analyst will have current knowledge of attack methodology, including but not limited to malicious tactics & techniques (vulnerability/penetration testing), and response procedures (TTPs).
- Conducts ad-hoc incident analysis as needed
- Examine network topologies to understand data flows through the network
- Receive and analyze network alerts from various sources within the enterprise and determine possible causes of such alerts
- Coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents
- Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
- Identifies false positives and false negatives from alerting
- Senior Attack Analyst will assist in the creation of processes/procedures, technical documentation, as well as completion of project tasks
- Provides regular feedback to enhance our security monitoring and controls
- Provides mentorship to tier 1 Security Analysts
- 5 years of experience working in a Security Operations Center functioning in a Security Analysis, Incident Response, Attack Analysis, or Computer Network Defense (CND) capacity in a large, mission-critical environment
- This role requires experience effectively communicating event details and technical analysis to technical audiences within the global cyber organization and other technology groups
- TCP/IP, IPv6, UNIX, Windows, HTTP and related network tools is required
- The ideal candidate will have a technical background with significant previous experience in a large enterprise environment with the following:
- Comprehensive understanding of regular expressions
- Understanding of database structure and queries
- Knowledge of common network tools (e.g., ping, traceroute, nslookup)
- Comprehensive understanding of network services, vulnerabilities and attacks
- Ability to conduct packet analysis, decode and perform packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
- Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems
- Knowledge of Intrusion Detection System (IDS) tools and applications
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies
- Experience with Malware / Reverse Engineering with ability to assist in Static and Dynamic Analysis
- Knowledge of how to troubleshoot basic systems and identify operating systems-related issues
- Knowledge of Windows/Unix ports, services and command line (Unix command line
- Comprehensive knowledge of network design, defense-in-depth principles and network security architecture
- Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
- Skilled in network mapping and recreating network topologies
- Experience with a scripting language such as Perl, Ruby, Python, and BASH
- Experience in host forensics
This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.