JPMorgan Cyber Operations - Vulnerability Management 

United States, New York, New York 

489451595

As a
Vulnerability Management Operations - Senior Response Analyst

• Review new vulnerabilities published from multiple sources and identify those that may pose risk to the firm.
• Define an accurate risk rating in line with proprietary and industry standard risk rating methodologies.
• Identifying the impacted assets and/or application(s) at risk.
• Document the vulnerability providing a detailed write up on the risk and exposure.
• Assess exploit code and/or conceptual code to determine attack vectors.
• Confirm any risk mitigation factors and define the remediation activity if known.
• Build partnerships and workflows with Cyber Operations partners and leaders to optimize and refine vulnerability exposure checks based on exploit code analysis and attack vectors.
• Assess security researcher vulnerabilities to drive remediation and identify any additional exposure risk.

In addition, the successful candidate will need to:

• Be operationally focused and enjoy working in a dynamic environment, with the day-to-day focus on quick and timely risk reduction activities.
• Represent the global team and be a technical SME during NA hours major incidents impacting the Vulnerability Management space.
• Demonstrate the ability to develop and form strong working relationships with the partnering Cyber Operations functions and key technology leaders.
• Provide technical leadership within the team, mentoring and guiding junior team members.
• Be a self-starter while being able to work independently and challenge the status quo.
• Write clear and concise executive communications and operational updates.

Qualifications

• 5 years’ experience in a Cyber Operations/Vulnerability Management role with a strong knowledge of operational processes supporting Vulnerability Management and the wider SOC; with the ability to demonstrate comprehension of the end-to-end Vulnerability Management workflow (to include industry standards such as CVE, CPE, CVSS, and MITRE ATT&CK).
• Proven experience in command & control practices like Incident Management and/or Cyber incident response methodologies.
• Strong and broad understanding of Cyber Security Controls (Physical, Logical, Processes and Procedures)
• Strong and broad understanding of leading vendor products/applications e.g., Oracle [Java], VMWare, F5, Citrix, Microsoft; to include product lifecycle & release schedules.
• Strong and broad understanding of open-source software deployment in a large technology estate.
• Strong understanding of Cloud and Public/Private Cloud environments.
• Strong deductive reasoning, multi-tasking, critical thinking, problem solving, and prioritization skills.
• Strong understanding of vulnerability exploitation to assess controls and/or recommend possible mitigations.
• Familiarity with Cyber scanning tools including Qualys, Snyk, CrowdStrike, and other tools is an advantage.
• Experience of working with data sources via SQL, , APIs and Splunk will be highly beneficial.
• Experience with Agile and experience working to manage remediation actions via an active backlog and Jira is an advantage.
• BS/BA degree or equivalent experience.