Senior Cyber Security Cloud Incident Response / Attack Analysis Cloud Lead- VP
With JPMorgan Chase & Co. in New York NY US
Posted on September 11, 2020
About this job
Job type: Full-time
Role: System Administrator
Industry: Financial Services
Company size: 10k+ people
Company type: Public
cloud, unix, sysadmin
As an experienced professional in our cybersecurity organization, you won't just be watching over our data - you'll be finding innovative new ways to protect it in the future. To do that, you'll help lead a highly motivated team focused on analyzing, designing, developing, and delivering solutions built to stop adversaries and strengthen our operations. You'll use your leadership skills to give guidance, advise on best practices and support our business and technology groups. By taking the lead on incident response, risk reviews, vulnerability assessments and identifying threats, you'll help us deliver cost-effective solutions that put our clients first. You'll deploy best practices, new policies and emerging trends to strengthen our strategic roadmap. By presenting your findings to senior leaders, you'll sharpen your communication and presentation skills. As part of our global team of technologists and innovators, your work will have a critical impact on our company, as well as our clients and our business partners around the world.
This role requires a wide variety of strengths and capabilities, including:
* Bachelor's degree or equivalent experience
* Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
* Understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity
* Experience with Agile and the ability to work with at least one of the common frameworks
* Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation
* Foundational knowledge of: computer forensics; legal, government and jurisprudence as they relate to cybersecurity; operating systems; and methods for intelligence gathering and sharing
* Intermediate knowledge of: cloud computing, computer network defense, external organizations and academic institutions dealing with cybersecurity issues, financial authorities and regulations, identity management, incident management, information assurance, information management, information systems and network security and infrastructure design
* Intermediate knowledge of: cybersecurity activities associated with requirements analysis, risk analytics and modeling; risk management; emerging issues, risks, vulnerabilities and technologies; and vulnerability assessment
As a Senior Cyber Security Incident Response / Attack Analysis Cloud Lead, you will be responsible for the resolution of security incidents with a specific background in public and private cloud technologies. You will use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
Key areas of focus include: public/private cloud engineering and incident response, digital and network forensics, threat modeling, and developing or finding/researching exploits.
Core responsibilities for the Senior Cyber Security Incident Response / Attack Analysis Cloud Lead:
Incident Response:
The Senior Attack Analyst will:
* Utilize their background in cloud technology and incident response procedures to act as a subject matter expert in cybersecurity incident response.
* Execute incident handling functions and direct response to public and private cloud network incidents.
* Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
* Provide regular monitoring, triage, and incident response to automated security alerts.
* Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations.
* Recognize and organize attacker tools, tactics, techniques, and procedures (TTPs) into indicators of compromise (IOCs) that can be applied to current and future investigations.
* Have current knowledge of attack methodology, including but not limited to malicious tactics and techniques (vulnerability/penetration testing) and response procedures.
* Conduct ad-hoc incident analysis as needed.
* Examine network topologies to understand data flows through the network.
* Receive and analyze network alerts from various sources within the enterprise, including the public and private cloud, and determine possible causes.
* Coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents.
* Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activity, and misuse activity, and distinguish such incidents from benign activity.
* Identify false positives and false negatives.
* Facilitate the development of the team's understanding of the cloud environment by creating knowledge-sharing sessions.
This role requires a combination of skills and capabilities, including:
* 7+ years of experience working in cyber or cloud infrastructure development, functioning in a Security Analysis, Incident Response, Attack Analysis, Architecture, DevOps or Computer Network Defense (CND) capacity in a large, mission-critical environment
* Experience effectively communicating event details and technical analysis to technical audiences within the global cyber organization and other technology groups
* Knowledge of TCP/IP, IPv6, UNIX, Windows, HTTP and related network tools is required
The ideal candidate will have a technical background with significant previous experience with the following, in a large enterprise environment:
* Experience with Docker containers and at least one cluster management software, such as Kubernetes - Heptio, Kubernetes (EKS), or Cloud Foundry.
* Excellent documentation and communication skills, with an ability to clearly articulate complex IaaS/PaaS concepts to people new to cloud development.
* Detailed understanding of IaaS and virtualization - service-oriented architecture designed around the delivery of infrastructure components as a service.
* Proficient with configuration and release management tools, such as Ansible, Chef, Terraform, and Puppet.
* Knowledge of cloud providers, such as Amazon AWS, Microsoft Azure, and Google Cloud Platform.
* Ability to work closely with the business, technology, and project management partners, applying communication skills, problem-solving skills, and knowledge of best practices.
* Experience with cloud management software, such as OpenStack.
* Comprehensive understanding of regular expressions.
* Understanding of database structure and queries.
* Knowledge of common network tools, such as ping, traceroute, and nslookup.
* Comprehensive understanding of network services, vulnerabilities, and attacks.
* Experience and knowledge of administering application servers, web servers, and databases, such as Tomcat, WebSphere, Nginx, Microsoft IIS, Oracle, and MySQL.
* Skilled in conducting vulnerability scans and recognizing vulnerabilities in security systems.
* Knowledge of Intrusion Detection System (IDS) tools and applications.
* Knowledge of intrusion detection methods and techniques for detecting host- and network-based intrusions through intrusion detection technologies.
* Knowledge of Windows, Unix, or Kubernetes ports, services and command line, such as the Unix command line.
* Comprehensive knowledge of network design, defense-in-depth principles, and network security architecture.
* Experience with reviewing raw log files, data correlation, and analysis, such as firewall, network flow, IDS, and system logs.
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
Equal Opportunity Employer/Disability/Veterans