Cybersecurity - Senior Security Analyst - VP - Singapore

  • Competitive
  • Singapore
  • Permanent, Full time
  • J.P. Morgan
  • 24 Sep 16

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at .

Cybersecurity is chartered with managing and directing the security programs focused on the discipline of cyber security design, implementation, analytics, threats, monitoring, response, and investigation across the organization. Our core services are focused on assuring the security of the computing environment, protecting customer and employee confidential information, and complying with regulatory requirements globally. This is accomplished through strong information risk governance, active collaboration with business risk managers, and high-quality security solutions and services that improve the organization's overall risk posture.

The Senior Security Analyst in Attack Analysis will utilize their background in technology and incident response procedures to act as a subject matter expert in incident response. As a senior security analyst on the Attack Analysis team, you will use defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

Key responsibilities include:
- You will be responsible for the execution of incident handling functions as well as direct response activities for security events/incidents
- Correlate log data from multiple sources and develop detections to identify adversary behavior
- Contribute to the maturity of cyber threat hunting framework within the team
- Conduct host forensics, network forensics, log analysis, and malware triage in support of security events/incidents
- Recognize and organize attacker tools, tactics, and procedures into indicators of compromise (IOCs) that can be applied to current and future investigations
- Examine network topologies to understand data flows through the network
- Assist in the creation of processes/procedures, technical documentation, as well as completion of project tasks
- Develop internal tools and automate processes/workflows in support of incident response
- Work closely with security engineering to articulate and define requirements for new security products
- Provide mentorship and training to junior security analysts and contribute to their career by developing challenges and exercises

This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

The Global Attack Analysis team is a 24x7, follow-the-sun operation and as such, this person may be required to cover shift rotational days, weekends, and holidays.

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.

- 9 years of experience working in a security role in a Security Analysis, Security Operations, Incident Response, Attack Analysis, or Computer Network Defense (CND) capacity in a large, mission-critical environment
- In-depth knowledge of SIEM products and the ability to develop advanced correlation rules
- Solid understanding of network protocols and experience conducting packet analysis using appropriate tools (e.g. tcpdump, Wireshark, tshark)
- Programming experience in at least one of the following languages: Python, Perl, PowerShell, as well as an automation mindset
- Comprehensive understanding of regular expressions
- Previous experience working in an incident response position
- Knowledge of intrusion detection methodologies (IDS/IPS) and techniques for detecting host and network-based intrusions via intrusion detection technologies
- Experience with Malware / Reverse Engineering with ability to assist in Static and Dynamic Analysis
- Familiarity with multiple operating systems (e.g., Windows, Unix, Mac)

- Experience working as a penetration/red team tester with the ability to translate adversary behavior across multiple platforms (e.g., Windows, Unix, Mac) into identifiable patterns
- Understanding of exploitation frameworks (e.g. PowerSploit/Empire, Veil) and ability to identify activity associated with their usage
- Experience working with statistics to provide context and visual representation of data (e.g. R, NumPy)
- Previous experience working as part of a Computer Security Incident Response Team (CSIRT)
- Familiarity with web application vulnerabilities and OWASP Top 10