You will be one of the team's subject matter experts on SIEM, you will help mature how JPMC utilizes multiple SIEM solutions (primarily Splunk) for various use-cases within Cyber Operations. The ideal candidate will be someone with previous SOC experience who enjoys researching TTPs and the threat landscape and translating that research data into high quality detections. Your role involves actively seeking effective and comprehensive detection strategy and capabilities, ensuring detections are thoroughly tested, alerts are relevant, of value and playbooks are available to and understood by Cybersecurity Operations teams. Additionally, you'll work to help mature the Attack Analysis team in how we secure, monitor and respond to incidents on-prem as well as both private and public cloud environments. You'll work with internal security engineering teams to ensure that Attack Analysis requirements are represented in the architecture, design and implementation of various environments. You'll help design, write and automate detection and incident response processes and tools.
Working in cybersecurity takes passion for technology, speed, a desire to learn, and vigilance in order to keep every asset safe. You'll be on the front lines of innovation, working with a highly motivated team focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen our operations. Your research and work will ensure stability, capacity and resiliency of our products. Working with your internal team, as well as technologists and innovators across our global network, your ability to identify threats, provide intelligent analysis and positive actions will stop crimes and strengthen our data.
As a member of the Attack Analysis team, you will fit into a Global team providing 24/7 monitoring and Incident Response, acting as the frontline for attacks against the firms' infrastructure. As a Detection Engineer, your role will include advanced analysis, threat hunting, evaluation of new security technology as well as ensuring larger technology projects at the company are ready to be integrated into the Attack Analysis team and monitoring function. There is also an emphasis on coaching and mentoring in this role; you'll work to bring up the technical expertise of the entire team around you. This could include running training sessions for the team in range or virtual environments, leading hunting exercises, serving as a technical escalation point and coaching the team through adopting monitoring responsibility.
Key areas of focus include: Detection Engineering
Primary Qualifications
- Min. 6 years of working experience with at least 4 years of hands-on experience in Security Operations and Incident Response or Computer Network Operations (CNO) or Computer Network Defense (CND).
- Bachelor’s degree in Computer Science, Information Security, Digital Forensics or equivalent qualification.
- Excellent written and verbal communication skills to describe security event details and technical analysis with audiences within the cybersecurity organization and other technology groups.
- Strong collaboration and stakeholder engagement skills.
- Experience with the creation and tuning of alerting rules from a SIEM and other devices in response to changing threats.
- Ability to research TTPs and develop high fidelity detections in various tools/languages including but not limited to: Splunk, CrowdStrike, Azure Sentinel, Suricata, Snort.
- Ability to use data science and analytical skills to identify anomalies over large datasets.
- Experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.
- Experience with threat hunting on a large, enterprise network both as an individual and leading hunting exercises with other team members.
- Ability to perform packet-level analysis and strong understanding of common network protocols and the OSI model.
- Experience using scripting languages (Python, Powershell, Bash, etc.) to parse machine-generated data, interact with REST APIs and automate repetitive tasks.
Additional Technical Qualifications
- Hands-on experience with at least 1 cloud platform (AWS, Azure, GCP) including infrastructure, security and cloud APIs.
- Experience with regular expressions and their applications.
- Experience with Digital Forensics & Incident Response processes including memory & file system analysis methodologies.
- Experience with analyzing Endpoint Detection & Response (EDR) telemetry and excellent knowledge of operating system internals (Windows, Linux, macOS).
- Knowledge with command line tools across Windows and Linux.
- Familiarity with malware analysis (both static and dynamic), binary triage, and file format analysis.
When you work at JPMorgan Chase & Co., you’re not just working at a global financial institution. You’re an integral part of one of the world’s biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we’re building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you’re looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
It's time to take your career to the next level, and we can help. Apply today.
ABOUT US
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
ABOUT THE TEAM
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.