JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Global Services Operations (GSO) is responsible for operations service support delivery for JPMorgan Chase's Global Technology Infrastructure (GTI). Through its Global Service Desk and Infrastructure Operations Centers, GSO provides global, coordinated diagnostic and support services, while its’ Production Assurance and Support functions leverage and execute industry-leading infrastructure management and support processes that are designed to minimize customer outages and impacts.
Within GSO, the Critical Infrastructure Operations team was formed to provide high level / dedicated 24*7 operations support via a follow the sun model for Keon, LDAP, Wintel/Unix System Administration, and DNS. This dedicated team will provide the highest degree of service for these services and Active Directory – driving service improvement and ensuring the highest availability.
As a Key Management Application Administrator within the GSO Critical Infrastructure Operations team, you will be responsible for supporting JPMC”s complex environment, incident resolution, providing subject matter expertise to other team members, driving improvements, and ensuring the highest degree of resilience and top tier support resulting in uninterrupted encryption services availability. Driving service improvement across the environment is key to the role: managing all service delivery resiliency, efficiency, and audit programs as well as ensuring engineering standards and products are integrated across the platforms. The scope of responsibilities will entail trouble ticket investigations, participation in root cause analysis, resolution, implementing, measuring, and improving all processes, procedures, and activities required to ensure maximum availability, utility, flexibility, and responsiveness of the production environment. The qualified applicant will become part of JPMC’s Key Management IT Support Team that administers the Vormetric Data Security Managers (DSM), Microsoft Certification Authorities (CA) and supporting technologies that are part of the Key Management service offerings.
Role Description & Responsibilities:
Key Management and Encryption Administrator position is for the operational portion of the Service delivery of Key management and Encryption services. Responsibilities include:
- Manage, maintain, operate and troubleshoot Encryption Infrastructure (Vormetric, Splunk) and Microsoft Active Directory PKI infrastructure
- Perform Data Encryption onboarding tasks - applying encryption guard points, monitor logs, review & fix log infractions, amend encryption policies, switch from learning to blocking mode etc.
- Create/modify encryption policies and write security rules based on rule definitions and specific requirements
- Manage LOB communications for Encryption onboarding.
- Serve as operate team and provide on call support for Encryption and PKI service.
- Review Splunk Dashboards and reports to enumerate policy infractions.
- Manage access rights, policies, certificates and keys.
- Take part and perform High availability / Disaster Recovery tests
- Administration of Windows 2012 Active Directory Services including CA, HSMs, Certificate Enrollment Web Services, Certificate Enrollment Policy Web Service, and Internet Information Services (IIS).
- Administration of certificate revocation servers like Online Responder service (OCSP) and Certificate Revocation List (CRL) servers.
- Patch servers – Vormetric appliances, Splunk servers, CA servers and CRL/OCSP servers
- Monitor SCOM management console for alerts and act on them to resolve issues associated with service availability and operation.
- Perform daily health checks of Encryption and PKI infrastructure
- Implement configuration changes to Encryption and PKI environment that are approved by the Service Engineering team using change management process
- Install/decommission Encryption HW, SW and PKI servers
- Serve as the first level escalation point for support issues
- Promote best practices to ensure the risk profile is minimized and security posture enhanced
- Operations of cyber related products including encryption and access control services
- Develop, document and continuously improve the support model and underlying processes
Candidates should have prior experience working with business in the data protection & security space and/or PKI administration/support. The ideal candidate will have the ability to perform independently as well as work effectively with a team and peers, providing timely delivery and follow through in a high paced environment. The successful candidate should also possess the following attributes:
- 5+ years hands-on experience with data security, encryption, PKI, Splunk, monitoring, access control, and incident management tools
- Working experience with data encryption, PKI administration/support
- Familiarity with browser and application keystores, OpenSSL
- Hands on experience/working knowledge with Unix/Linux, Wintel, Storage Technologies and Database administration functions and tools.
- Working experience with database encryption methods, solutions.
- Experience with Vormetric Data Security Manager, policy/rule creation, management and key management a plus
- PKI experience including hands on experience with Certificate Authority Administration, Certificate Enrollment Web Service & Revocation servers configuration, Active Directory Certificate Services (ADCS) monitoring
- Working experience with Splunk SIEM tool is a plus.
- Working experience with cryptographic solutions (including authentication, encryption, hashing, tokenization & signing) across applications, backup, database, endpoint device, email, file, network, removable media and storage domains.
- Working experience with key storage, distribution and administration (user and machine based)
- Scripting and automation experience
- Experience with large enterprise technology projects
- Excellent quantitative and analytical problem solving skills
- Global awareness; experience with and conscious/aware of local, regional, cultural challenges
- Experience troubleshooting digital certificate issues
- Understanding of Common Criteria Role Separation
- Understanding of PKIX, PKCS, SSL, TLS, S/MIME standards
- Capacity Monitoring and Optimization
- PowerShell, Perl scripting
- Professional Security Certification (e.g. CISSP) desired but not required
- Ability to understand data derived by security tools , analyze, draw conclusions and suggest/take the appropriate actions
- Security and Operations mindset
- Team player exhibiting professional maturity, personal integrity, and excellent interpersonal skills
- Strong work ethic, self-starter who is creative with a 'can-do' attitude
- Strong written and verbal communication skills
- Quick learner with strong attention to detail
- Project management experience in encryption services deployments is a plus