Job Description
JPMorgan Chase
Working in Cybersecurity takes a passion for balancing technology with determining the inherent risk of a vulnerability by balancing preventative controls against known exploits, and above all, vigilance in keeping JPMC technology secure for our customers & clients. You’ll be on the front lines of managing vulnerabilities by making critical decisions on the inherent risk to the infrastructure or the application itself and thus the risk to the firm clients & customers. You will be working with a highly-motivated team laser-focused on analyzing, scoping, developing and delivering solutions built to stop adversaries and strengthen our security posture. Your research and work will ensure stability and resiliency of our current technology products, emerging technology and our vast application estate. Working in tandem with various internal teams both in Cyber and various Line of Business partners, as well as technologists and innovators across our global network, by leading the positive actions that will stop adversaries and strengthen customer’s confidence.
Responsibilities
As a Vulnerability Management Response Analyst, you will work directly with Line of Business App Teams, Subject Matter Experts, Production Management Teams, Product Owners, Senior Technology Management, and Risk and Control functions on:
- Review new vulnerabilities published from multiple sources and identify those that may pose risk to the firm or its subsidiaries.
- Define an accurate risk rating in line with proprietary and industry standard risk rating methodologies.
- Identifying the list of assets and/or application(s) at risk.
- Document the vulnerability providing a detailed write up on the risk and exposure.
- Confirm any risk mitigation factors and define the remediation activity if known.
Qualifications
- Minimum of 2 years experience in a Cyber Vulnerability Management role with knowledge of operational processes supporting Vulnerability management; with the ability to demonstrate comprehension of the end to end Vulnerability Management workflow (to include industry standards such as CVE, CPE, CVSS).
- Proven experience in command & control practices like Incident Management and/or Cyber incident response methodologies.
- Familiarity with Cyber scanning tools including Qualys, Snyk, Tanium, CrowdStrike and other tools an advantage.
- Python development skillset with the ability to quickly understand a problem or use case and efficiently develop solutions taking a structured approach including Python coding, debugging, data structures, libraries, frameworks, and release packaging.
- Experience of databases, SQL, APIs and Splunk will be highly beneficial.
- Experience of working with data sources via SQL, APIs and Splunk will be highly beneficial.
- Sound awareness of leading vendor products/applications e.g. Oracle [Java], Adobe and Microsoft to include product lifecycle & release schedules.
- Strong deductive reasoning, multi-tasking, critical thinking, problem solving, and prioritization skills.
- Experience with Agile and experience working to manage remediation actions via an active backlog and Jira an advantage.
- Previous 24 x 7 operations experience.
- BS/BA degree or equivalent experience.
Your expertise in Cyber, combined with your desire to provide innovative security services, will be an asset to our Cybersecurity team. Help deliver high-quality secure solutions across all our lines of business around the world by creating, designing, implementing, and maintaining next-level technology. The work you’ll do is vital, as it will protect over $18 trillion of assets under custody and $393 billion in deposits every day.
When you work at JPMorgan Chase & Co., you’re not just working at a global financial institution. You’re an integral part of one of the world’s biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we’re building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you’re looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
About us
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.
About the Team
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm’s cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group’s number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.
Source ⇲