Sr. Cybersecurity Analyst – Vulnerability Management

As an experienced professional in our cybersecurity organization, you won’t just be watching over our data – you’ll be finding innovative new ways to protect it in the future. To do that, you’ll be a part of a highly motivated team focused on analyzing, researching, and risk assessing, different techniques used to surface security vulnerabilities in the building blocks of application security in order to appropriately respond to Vulnerabilities potentially impacting JPMC. You’ll use your skills to define how an open source vulnerability presents risk to JPMC, give guidance, advise on best practices to protect the firm and support our business and technology groups by helping explain the vulnerability & remediation recommendations. By taking the lead on vulnerabilities publically disclosed or otherwise identified, leading the incident response, completing risk reviews, documenting vulnerability assessments and analyze relevant threat intelligence. You’ll participate in defining best practices, new policies and emerging trends to strengthen our ability to respond and solution in the best interested of the firm. As part of our global team of response analysts, research analyst and remediation leads, your work will have a critical impact on our company, as well as our clients and our business partners around the world.High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

This role requires a wide variety of strengths and capabilities, including:

• Bachelor’s degree or equivalent experience
• Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
• Previous experience with application frame works and relevant experience with open source vulnerabilities.
• Understand the building blocks of application security and different techniques used to surface security vulnerabilities at different stages of an application lifecycle such as design, development, deployment, upgrade, maintenance.
• Understand the set of security flaws commonly seen across different applications including but not limited to Cross Site scripting, SQL injection, Cross Site Request Forgery, etc.
• Intermediate knowledge of: cloud computing, computer network defense, external organizations and academic institutions dealing with cybersecurity issues, financial authorities and regulations, identity management, incident management, information assurance, information management, information systems and network security and infrastructure design
• Intermediate knowledge of: cybersecurity activities associated with requirements analysis, risk analytics and modeling; risk management; emerging issues, risks, vulnerabilities and technologies; and vulnerability assessment as a Vulnerability Management Response Analyst, you will work directly with all Line of Business App Teams, Subject matter experts, Production Management Teams, Product Owners, Senior Technology Management, and Risk and Control functions on:
  • Defining each new vulnerability
  • Work to define a CVSS score and initial risk to the firm
  • Identifying the list of assets and/or application(s) at risk
  • Document the vulnerability
  • Provide a detailed write up on the risk and exposure
  • Define the remediation activity if known
  • Define the final firm wide vulnerability rating

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.

Equal Opportunity Employer/Disability/Veterans