You will be one of the team's subject matter experts on SIEM as well as cloud technologies. You will help mature how JPMC utilizes multiple SIEM solutions (primarily Splunk) for various use cases within Cyber Operations. The ideal candidate will be someone with previous SOC and cloud experience who enjoys researching TTPs and the threat landscape and translating that research into high-quality detections. Your role involves actively seeking effective and comprehensive detection strategies and capabilities, ensuring that detections are thoroughly tested, that alerts are relevant and of value, and that playbooks are available to and understood by cybersecurity operations teams.
As one of the team’s specialists on cloud technologies, you will work to mature the Attack Analysis team in how we secure, monitor and respond to incidents in both private and public cloud environments. You will work with internal security engineering and cloud engineering teams to ensure that Attack Analysis requirements are represented in the architecture, design and implementation of cloud environments. You'll help design, write and automate detection and incident response processes and tools for public and private cloud environments.
Key areas of focus include:
Primary Qualifications
- Min. 6 years of working experience with at least 4 years of hands-on experience in Security Operations and Incident Response or Computer Network Operations (CNO) or Computer Network Defense (CND).
- Hands-on experience with at least 1 cloud platform (AWS, Azure, GCP) including infrastructure, security and cloud APIs.
- Bachelor’s degree in Computer Science, Information Security, Digital Forensics or equivalent qualification.
- Excellent written and verbal communication skills to describe security event details and technical analysis with audiences within the cybersecurity organization and other technology groups.
- Strong collaboration and stakeholder engagement skills.
- Experience with the creation and tuning of alerting rules from a SIEM and other devices in response to changing threats.
- Ability to research TTPs and develop high fidelity detections in various tools/languages including but not limited to: Splunk, CrowdStrike, Azure Sentinel, Suricata, Snort.
- Ability to use data science and analytical skills to identify anomalies over large datasets.
- Experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.
- Experience with threat hunting on a large, enterprise network both as an individual and leading hunting exercises with other team members.
- Ability to perform packet-level analysis and strong understanding of common network protocols and the OSI model.
- Experience using scripting languages (Python, PowerShell, Bash, etc.) to parse machine-generated data, interact with REST APIs and automate repetitive tasks.
Additional Technical Qualifications
- Experience with regular expressions and their applications.
- Experience with Digital Forensics & Incident Response processes including memory & file system analysis methodologies.
- Experience with analyzing Endpoint Detection & Response (EDR) telemetry and excellent knowledge of operating system internals (Windows, Linux, macOS).
- Knowledge of command-line tools across Windows and Linux.
- Familiarity with malware analysis (both static and dynamic), binary triage, and file format analysis.