Vulnerability Management Response Analyst
The Cybersecurity & Technology Controls group atJPMorgan Chase aligns the firm's cybersecurity, access management, controls andresiliency teams. The group proactively and strategically partners with alllines of business and functions to enable them to design, adopt and integrateappropriate controls; deliver processes and solutions efficiently andconsistently; and drive automation of controls. The group's number one priorityis to enable the business by keeping the firm safe, stable and resilient.
Cybersecurity Vulnerability Management Response Teamis responsible for the initial vulnerability assessment, impact analysis firmwide, risk assessment for the firm, coordination & communication ofcritical vulnerabilities identified as impacting JPMorgan Chase applicationsand/or infrastructure components. Thisfunction is performed globally and at the scale of which JPMC operates bycoordinating a response that could be firm wide or application specific. The response team's actions are driven basedon the criticality of the vulnerability by balancing risk and the ability forour Line of Business partner to service their clients and customers globally. As a VulnerabilityManagement Response Analyst , you will work directly with all Line ofBusiness App Teams, Subject matter experts, Production Management Teams,Product Owners, Senior Technology Management, and Risk and Control functionson:
- Defining each new vulnerability
- Work to define a CVSS score and initial risk to the firm
- Identifying the list of assets and/or application(s) at risk
- Document the vulnerability
- Provide a detailed write up on the risk and exposure
- Define the remediation activity if known
- Define the final firm wide vulnerability rating
Working in cybersecurity takes passion for technology,speed, a desire to learn, and vigilance in order to keep every asset safe. You'llbe on the front lines of innovation, working with a highly motivated teamfocused on analyzing, designing, developing and delivering solutions built tostop adversaries and strengthen our operations. Your research and work willensure stability, capacity and resiliency of our products. Working with yourinternal team, as well as technologists and innovators across our globalnetwork, your ability to identify threats, provide intelligent analysis andpositive actions will stop crimes and strengthen our data. This role requires a widevariety of strengths and capabilities, including:
· Bachelor's degreeor equivalent experience
· Foundationalknowledge of cybersecurity organization practices, operations, risk management processes,principles, architectural requirements, engineering and threats andvulnerabilities, including incident response methodologies
· Ability tocollaborate with high-performing Agile teams and individuals throughout thefirm to accomplish goals
· Proficiency inthe use of skills tools, staying current with skills, participating in multipleforums
· Ability toanalyze vulnerabilities, threats, designs, procedures and architectural design,producing reports and sharing intelligence
· Foundational knowledgeof: computer forensics; legal, government and jurisprudence as they relate tocybersecurity; operating systems; and methods for intelligence gathering andsharing
· Foundationalknowledge of: cloud computing, computer network defense, external organizationsand academic institutions dealing with cybersecurity issues, financialauthorities and regulations, identity management, incident management,information assurance, information management, information systems and networksecurity and infrastructure design
- Experience in a Cyber Vulnerability role with knowledge of operation practices supporting Vulnerability management.
- Minimum of 3 years' experience of risk management processes with the ability to demonstrable comprehension of end to end Vulnerability Management workflow to include industry standards such as CVE, CPE, CVSS
- Minimum of 5 years' experience in command & control practices like Incident Management and/or Cyber incident response methodologies
- Familiarity with Cyber scanning tools including Qualys, BlackDuck, and Tanium.
- Knowledge or experience with Splunk, WireShark, Excel, and SQL.
- Experience with Agile and experience working to manage remediation actions via an active backlog & Jira.
- Sound awareness of leading vendor products/applications from Oracle [Java], Adobe and Microsoft to include product lifecycle & release schedules
- Strong deductive reasoning, multi-tasking, critical thinking, problem solving, and prioritization skills
- Previous 24 x 7 operations experience
When you work at JPMorgan Chase & Co., you're notjust working at a global financial institution. You're an integral part of oneof the world's biggest tech organizations. In our global technology centers,our team of 50,000 technologists design, build and deploy everything fromenterprise technology initiatives to big data and mobile solutions, as well asinnovations in electronic payments, cybersecurity, machine learning, and clouddevelopment. Our $11B annual investment in technology enables us to hire peopleto create innovative solutions that are transforming the financial servicesindustry.
At JPMorgan Chase & Co. we value the unique skills ofevery employee, and we're building a technology organization that thrives ondiversity. We encourage professional growth and career development, and offercompetitive benefits and compensation. If you're looking to build your careeras part of a global technology team tackling big challenges that impact thelives of people and companies all around the world, we want to meet you.