Operations intelligence job description

As an experienced professional in our Cybersecurity & Technology Controls organization, you're equally committed to safeguarding our information and technology assets today, as well as finding innovative ways to protect them in the future. To do that, you'll play a key role in developing a shared understanding of the threats specifically to our critical suppliers, and subsidiaries, relative to the evolving threat landscape, allowing the firm to make threat informed cybersecurity decisions. You'll join a highly motivated team focused on analysing, designing, developing, and delivering solutions built to stop adversaries and strengthen our operations. You'll use your subject matter expertise to give guidance, best practices, and support to business and technology stakeholders during the deployment of critical business and technology initiatives. You'll support threat analysis, incident response, and the development of cyber risk reviews, all of which drive cost-effective solutioning. As part of JPMorgan Chase & Co.'s global team of technologists and innovators, your work will have a massive impact, both on us as a company, as well as our clients and our business partners around the world.

The Cybersecurity Operations (CSO) holds the global mandate for JPMC's cyber intelligence collection, analysis, and dissemination of finished products to the firm's Cybersecurity & Technology Controls teams, lines of business, and overall executive decision makers. The Supplier Threat Intelligence and Incident Response (STIIR) team is responsible for tracking threats and incidents involving the firm's third party suppliers, and subsidiaries to address events such as intrusions, malware, DDoS, unauthorized access, insider attacks, and loss of proprietary information. This includes developing a deep understanding of global threat actors and their tactics, techniques, and procedures employed during cyber-attacks.

**You'll play an integral role in the threat driven defense of JPMC. The responsibilities for this position include, but are not limited to:**

+ Using the Cyber Analytic Intelligence Lifecycle, conduct analysis on threats to JPMC Suppliers and Subsidiaries to understand if they have been breached, work directly with the JPMC lines of business as well as the Suppliers to mitigate and remediate. Team with the Firm's stakeholders to ensure end to end processes are in place, and close gaps to ensure the business understands the supplier risk.

+ Conduct or lead threat landscape assessments and in-depth analysis into suppliers' infrastructure to deliver to JPMC stakeholders; also conduct similar assessments for companies JPMC is looking to acquire

+ Participate in the firm's supplier incident response efforts/team, and drive down supplier risk. Help develop the end to end process, and playbooks across the firm's stakeholders, collaborate with the firm's most critical suppliers and work towards remediation. Ensure the firm understands Supplier risk and proactively work to ensure tracking and awareness across the lines of business, and all key stakeholders

+ Help engage suppliers when they suffer a cyberattack; determine initial infection vector, attack paths, and indicators of compromise to uplift the firms' security controls, while also working through remediation plans and control uplifts to enhance the suppliers' security posture

+ Help develop the continuous, proactive monitoring processes that alert the firm to impending or actual cybersecurity events involving our critical third-party suppliers, subsidiaries, and key clients
+ Prepare and deliver written and verbal briefings for stakeholders

+ Collaborate with and support the investigations and analysis of other Cybersecurity Operations teams

**This role requires a wide variety of strengths and capabilities, including:**

+ Experience with threat intelligence techniques and processes in an enterprise-level organization

+ Detailed knowledge of global cyber threats, threat actors, and the tactics, techniques, and procedures used by cyber adversaries

+ Excellent written and verbal communication skills

+ Knowledge of computer networking concepts and protocols, and network security methodologies

+ Knowledge of network traffic analysis methods packet capture/protocol analysis

+ Experience interpreting networking, data flow, and architectural diagrams to identify vectors an adversary may seek to exploit

+ Experience leveraging the MITRE ATT&CK Framework

**This role requires the following essential qualifications and capabilities:**

+ Bachelor's Degree in Computer Science, Cybersecurity, or similar work experience in a related field.

+ Excellent communication skills, with the ability to articulate complex threat information to technical and non-technical audiences, both verbally and in writing

+ Demonstrated understanding of the vulnerability landscape and how it impacts the overall cyber threat landscape

+ An understanding in current affairs, and international relations, evidenced by an understanding of geopolitical dynamics as they relate to state-sponsored intelligence operations.

+ An understanding of the intelligence cycle, analysis methodologies, and processes.

+ An understanding of computer networking concepts, the OSI model and underlying network protocols (e.g., TCP/IP), network traffic analysis, packet and protocol analysis.

+ An understanding of the MITRE ATT&CK Framework, stages of an attack and sub-techniques.

+ Primarily sub-techniques associated with initial access, network communications, or deployment of malware.

+ Specialist training or skills in one or more of the following:

+ Open Source Intelligence (OSINT) gathering and/or analysis

+ Social Media Intelligence (SMI/SOCMINT) gathering and/or analysis

+ Human Intelligence (HUMINT) analysis

+ Signals Intelligence (SIGINT) analysis

Highly Desirable:

+ Intelligence community experience, or comparable private sector experience

+ Financial sector experience.

+ Industry certifications related to Pen Testing, Forensics, Networking or Security

**Other Specific Technical Experience:**

+ Experience with performing malware analysis (static properties and dynamic) and reverse engineering.

+ Previous experience in other information security roles such as SOC management, incident response, digital forensics, penetration testing, vulnerability management, threat intelligence, content development, or risk management

+ Proven experience in day-to-day operational processes such as security monitoring, data correlation, troubleshooting, security operations, digital forensics, and incident response.

+ Good grasp of security incident response, such as different phases of response, vulnerabilities vs threats vs actors, Indicators of Compromise (IOCs), etc.

+ Experience analyzing system and application logs to investigate security issues and/or complex operational issues.

+ Solid understanding of enterprise detection technologies and processes across multiple control domains including email, network, endpoint, public cloud, etc

+ Demonstrated experience with utilizing SIEM (such as Splunk, ArcSight etc.) in investigating security issues and/or complex operational issues across a broad, diverse enterprise with a large number of different technologies.

+ Solid understanding of network protocols and operating systems across a broad, diverse enterprise with a large number of different technologies.

**Other Experience which would be of benefit to the role:**

+ Advanced knowledge of performance metrics and reporting, technical problem resolution, and risk management

+ Experience gathering and analyzing data to effect meaningful change in areas that need improvement

+ Advanced knowledge of architecture, design, and business processes

+ Ability to communicate and drive the strategic direction of the firm, delivering technology solutions that meet internal and external needs

+ Expertise prioritizing customer experience, reviewing feedback, hosting customer forums and focus groups to proactively address the needs of the customer

+ Ability to drive performance and develop teams - recruit diverse talent, run disciplined performance reviews, and regularly collaborate and check-in on priorities to help focus on key results

+ 5-8+ years information security experience team lead and mentoring experience is preferred

+ Significant business analysis or systems analysis experience working in an IT operations environment.

+ Experience investigating incidents and events in AWS, GCP and Azure

+ Strong analytics and reporting skills, with a focus on interdepartmental communication

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.

As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.

Equal Opportunity Employer/Disability/Veterans