The Cybersecurity organization’s objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
The Application Security Analyst will be part of the JPMorgan Chase Application Security Group, which is responsible for working with the various software application development teams in JPMC to help them analyze and determine the applicability and severity of identified potential security vulnerabilities. The person will have a solid understanding of different application security controls such as Static Scanning, Threat Modeling, Design Patterns, Binary Scanning and Dynamic Scanning. The person will be responsible for managing the binary scanning program for the firm. The person will additionally be responsible for managing vulnerability remediation practices for the Application Security Group, which includes establishing manual vulnerability correlation across various tools, e.g., Fortify, Open Source (Black Duck) and Dynamic Scan/Pen Test.
The position will work closely with the Line of Business AD teams, Static Scanning Support Team, Mobile AD and Support Team, KPI Reporting Team and external business partners to ensure that technologies and best practices are properly applied to protect JPMC’s products, services, and customer information.
- Contribute to the success of the Firm-wide Application Security program by working with security architects, software security champions (SSCs), Application Security Champions (ASCs), application development (AD) managers, application developers, and information risk managers (IRMs) to deploy software security controls effectively.
- Understand the overall application security services and identify opportunities to streamline them to improve effectiveness.
- Perform detailed analysis of issues found by the Red Team (Pen Test) in production and correlate them with pre-prod testing such as SD Elements and Static Scan.
- Work on the vendor application security program and on VBSIMM activities to be included within the TPRM vendor assessment. Additionally, provide guidance on binary scanning processes to different LOBs.
- Work with AD teams to implement and maintain security frameworks within their applications and drive secure coding guidelines.
- Identify and draw up KPIs to show the progress of the overall application security program and identify opportunities for improvement in different areas.