JPMorgan Chase Bank, N.A. - Threat Intelligence - Cyber Ops

Full Job Description

As an experienced professional in our Cybersecurity & Technology Controls organization, you're equally committed to safeguarding our information and technology assets today and to finding innovative ways to protect them in the future. To do that, you'll play a key role in developing a shared understanding of the threats to our critical suppliers and subsidiaries in the context of the evolving threat landscape, allowing the firm to make threat-informed cybersecurity decisions. You'll join a highly motivated team focused on analyzing, designing, developing, and delivering solutions built to stop adversaries and strengthen our operations. You'll use your subject matter expertise to give guidance, best practices, and support to business and technology stakeholders during the deployment of critical business and technology initiatives. You'll support threat analysis, incident response, and the development of cyber risk reviews, all of which drive cost-effective solutions. As part of JPMorgan Chase & Co.'s global team of technologists and innovators, your work will have a massive impact, both on us as a company and on our clients and business partners around the world.

The Cybersecurity Operations (CSO) organization holds the global mandate for JPMC's cyber intelligence collection, analysis, and dissemination of finished products to the firm's Cybersecurity & Technology Controls teams, lines of business, and executive decision makers. The Supplier Threat Intelligence and Incident Response (STIIR) team is responsible for tracking threats and incidents involving the firm's third-party suppliers and subsidiaries, addressing events such as intrusions, malware, DDoS, unauthorized access, insider attacks, and loss of proprietary information. This includes developing a deep understanding of global threat actors and the tactics, techniques, and procedures they employ during cyberattacks.

You'll play an integral role in the threat driven defense of JPMC. The responsibilities for this position include, but are not limited to:

  • Using the Cyber Analytic Intelligence Lifecycle, conduct analysis on threats to JPMC suppliers and subsidiaries to determine whether they have been breached, and work directly with the JPMC lines of business and the suppliers to mitigate and remediate. Team with the firm's stakeholders to ensure end-to-end processes are in place and to close gaps so that the business understands supplier risk.
  • Conduct or lead threat landscape assessments and in-depth analysis of suppliers' infrastructure for delivery to JPMC stakeholders; conduct similar assessments for companies JPMC is looking to acquire.
  • Participate in the firm's supplier incident response efforts and team, and drive down supplier risk. Help develop the end-to-end process and playbooks across the firm's stakeholders, collaborate with the firm's most critical suppliers, and work towards remediation. Ensure the firm understands supplier risk and proactively work to ensure tracking and awareness across the lines of business and all key stakeholders.
  • Help engage suppliers when they suffer a cyberattack: determine the initial infection vector, attack paths, and indicators of compromise to uplift the firm's security controls, while also working through remediation plans and control uplifts to enhance the supplier's security posture.
  • Help develop the continuous, proactive monitoring processes that alert the firm to impending or actual cybersecurity events involving our critical third-party suppliers, subsidiaries, and key clients.
  • Prepare and deliver written and verbal briefings for stakeholders.
  • Collaborate with and support the investigations and analysis of other Cybersecurity Operations teams.

This role requires a wide variety of strengths and capabilities, including:

  • Experience with threat intelligence techniques and processes in an enterprise-level organization
  • Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques, and procedures used by cyber adversaries
  • Excellent written and verbal communication skills
  • Knowledge of computer networking concepts and protocols, and network security methodologies
  • Knowledge of network traffic analysis methods, including packet capture and protocol analysis
  • Experience interpreting networking, data flow, and architectural diagrams to identify vectors an adversary may seek to exploit
  • Experience leveraging the MITRE ATT&CK Framework

This role requires the following essential qualifications and capabilities:

  • Bachelor's Degree in Computer Science or Cybersecurity, or equivalent work experience in a related field
  • Excellent communication skills, with the ability to articulate complex threat information to technical and non-technical audiences, both verbally and in writing
  • Demonstrated understanding of the vulnerability landscape and how it impacts the overall cyber threat landscape
  • An understanding of current affairs and international relations, evidenced by an understanding of geopolitical dynamics as they relate to state-sponsored intelligence operations
  • An understanding of the intelligence cycle, analysis methodologies, and processes
  • An understanding of computer networking concepts, the OSI model and underlying network protocols (e.g., TCP/IP), network traffic analysis, and packet and protocol analysis
  • An understanding of the MITRE ATT&CK Framework, the stages of an attack, and its sub-techniques, primarily those associated with initial access, network communications, or deployment of malware
  • Specialist training or skills in one or more of the following:
      • Open Source Intelligence (OSINT) gathering and/or analysis
      • Social Media Intelligence (SMI/SOCMINT) gathering and/or analysis
      • Human Intelligence (HUMINT) analysis
      • Signals Intelligence (SIGINT) analysis

Highly Desirable:

  • Intelligence community experience, or comparable private sector experience
  • Financial sector experience
  • Industry certifications related to penetration testing, forensics, networking, or security

Other Specific Technical Experience:

  • Experience performing malware analysis (static and dynamic) and reverse engineering
  • Previous experience in other information security roles such as SOC management, incident response, digital forensics, penetration testing, vulnerability management, threat intelligence, content development, or risk management
  • Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations, digital forensics, and incident response
  • Good grasp of security incident response, such as the different phases of response, vulnerabilities vs. threats vs. actors, Indicators of Compromise (IOCs), etc.
  • Experience analyzing system and application logs to investigate security issues and/or complex operational issues
  • Solid understanding of enterprise detection technologies and processes across multiple control domains, including email, network, endpoint, and public cloud
  • Demonstrated experience using a SIEM (such as Splunk or ArcSight) to investigate security issues and/or complex operational issues across a broad, diverse enterprise with a large number of different technologies
  • Solid understanding of network protocols and operating systems across a broad, diverse enterprise with a large number of different technologies

Other Experience which would be of benefit to the role:

  • Advanced knowledge of performance metrics and reporting, technical problem resolution, and risk management
  • Experience gathering and analyzing data to effect meaningful change in areas that need improvement
  • Advanced knowledge of architecture, design, and business processes
  • Ability to communicate and drive the strategic direction of the firm, delivering technology solutions that meet internal and external needs
  • Expertise in prioritizing customer experience, reviewing feedback, and hosting customer forums and focus groups to proactively address the needs of the customer
  • Ability to drive performance and develop teams: recruit diverse talent, run disciplined performance reviews, and regularly collaborate and check in on priorities to help focus on key results
  • 5-8+ years of information security experience; team lead and mentoring experience is preferred
  • Significant business analysis or systems analysis experience working in an IT operations environment
  • Experience investigating incidents and events in AWS, GCP, and Azure
  • Strong analytics and reporting skills, with a focus on interdepartmental communication