Security Operations Senior Associate

Job Description
Seize the opportunity to enhance cybersecurity, utilizing your skills in threat analysis and incident response to protect vital data and systems.
As a Security Operations Senior Associate in Cyber Security and Technology Controls, you will play an important role in safeguarding the organization's digital assets and infrastructure by proactively detecting, assessing, and responding to threats, vulnerabilities, and security incidents. Drawing on your knowledge of security principles, practices, and theories, you will collaborate with cross-functional teams to develop a coordinated approach to security and educate employees on best practices, policies, and procedures. Your work will have a direct impact on departmental outcomes, as you plan and ensure progress, identify gaps in information, and conduct analyses to solve complex cybersecurity problems. By utilizing your advanced analytical, technical, and problem-solving skills, you will contribute to the continuous improvement of our cybersecurity posture and help maintain the integrity, confidentiality, and availability of sensitive data and systems.
Job responsibilities

• Review new vulnerabilities published from multiple sources and identify those that may pose risk to the firm.
• Identify the impacted assets and/or application(s) at risk via various internal tools with a focus on OSS (Open Source Scanning) of 3 rd party applications. Document the vulnerability providing a detailed write up on the risk and exposure.
• Confirm any risk mitigation factors and define the remediation activity if known. Assess exploit code and/or conceptual code to determine attack vectors.
• Recommend any risk mitigation factors and define the remediation activity if known.
• Assess security researcher identified vulnerabilities to provide recommendations on remediation and identify additional risk.
• Be operationally focused and enjoy working in a dynamic environment, with the day-to-day focus on quick and timely risk reduction activities.
• Drive the global teams' daily workflow, undertaking daily case-load analysis and prioritization.
• Represent the global team and be the technical lead on major incidents impacting the Vulnerability Management space.
• Demonstrate the ability to develop and form strong working relationships with the partnering Cyber Operations functions and key technology leaders in the region. Be a self-starter who will take the initiative while being able to work independently and challenge the status quo

Required qualifications, capabilities, and skills

• Formal training or certification on Cyber Operations/Vulnerability Management and 3+ years applied experience.
• Ability to demonstrate comprehension of the end-to-end Vulnerability Management workflow (to include industry standards such as CVE, CPE, CVSS).
• Proven experience in command & control practices like Incident Management and/or Cyber incident response methodologies.
• Strong and broad understanding of Cyber Security Controls (Physical, Logical, Processes and Procedures)
• Strong and broad understanding of leading vendor products/applications e.g., Oracle [Java], VMWare, F5, Citrix, Microsoft; to include product lifecycle & release schedules.
• Strong and broad understanding of open-source software deployment in a large technology estate.
• Strong understanding of Cloud and Public/Private Cloud environments.
• Strong deductive reasoning, multi-tasking, critical thinking, problem solving, and prioritization skills.
• Familiarity with Cyber scanning tools including Qualys, Snyk, CrowdStrike, and other tools is an advantage.
• Experience of working with data sources via SQL, JSON, APIs and Splunk will be highly beneficial.
• General understanding of how software is built, what dependencies are, and how vulnerable dependencies present risk to the application.

Preferred qualifications, capabilities, and skills

• Strong deductive reasoning, multi-tasking, critical thinking, problem solving, and prioritization skills.
• Familiarity with open source vulnerability databases and tools e.g., National Vulnerability Database (NVD), Snyk.
• Strong ability to work collaboratively in a team environment

About Us
JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans
About the Team
Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.