Security Incident Lead
Status: Full Time, Employee
Job Ref Code: 090057782
Job Location: Syracuse, NY 13244
Building on its longstanding commitment to New York State, JPMorgan Chase & Co. has established an innovative, industry leading partnership with Syracuse University. As part of this collaboration, employees of JPMorgan Chase & Co. are joining with Syracuse University faculty to create a unique curriculum focusing on Global Enterprise Technology and perform applied research in areas of mutual interest to the university and the firm. Another key aspect of this partnership is the establishment of a JPMorgan Chase & Co. Technology Center on the campus of Syracuse University.
The Tech Center will house team members providing the following technology functions:
- Formation of an Information Security & Risk Management Center of Excellence for use across the firm
- Application Development & Support of our world-class financial systems
- Collaborate with Syracuse University students and faculty on innovative research projects
Position Summary
The Global Security Management Center Security Incident Lead will be responsible for handling security escalations, working with outside security teams such as the Computer Security Incident Response Team and Cyber Security to resolve critical security events requiring additional/specific investigation, triage and mitigation. Security Incident Lead will also be responsible for assisting Security Incident Analysts with daily operations when required. Analysts will also assist the Global Security Management team in the creation of process, procedures, technical documentation, and completion of project tasks as required. The Global Security Management Center is a 24x7, follow-the-sun operation and as such, this person will be required to cover shift rotational days and holidays.
Position Responsibilities
- Performing analysis of critical security events escalated from Security Incident Analysts, Cyber Risk or Computer Security Incident Response teams.
- Collaboration with Risk and Security Management, Global Technology Infrastructure, and Line of Business technical teams for issue resolution and mitigation
- Documentation of actions taken for audit, regulatory and legal purposes within approved event tracking system
- Creation of custom signatures and processes based on events and threats.
- Daily monitoring, review, processing and escalation of Content Management related events
- Daily review of proxy logs, darknet, and IDS logs for malicious activity or suspicious activity
- Operationalize known / understood issues for Security Incident Analysts teams.
- Daily review of Cyber Intelligence from outside sources to determine overall Internet threats
- Review and escalate Policy Violations and recommendations to HR, Legal, Compliance, etc.
- Work with Security Event Management engineering on alert creation, testing, validation and recertification
- Maintain partnerships with internal security teams such as Global Security and Investigations, Computer Security Incident Response Teams, etc.
- Support innovation and enhancement efforts within GSM as well as with the greater corporate risk community.
JPM-SU Tech Center
Experience Required
- 3-5 years experience with network technologies, specifically TCP/IP as well as previous vulnerability assessment, intrusion detection, firewall experience in an enterprise scale organization
- Experience with Perl, and Unix shell scripting
- Experience in a fast paced, high stress environment
- System administration experience of Windows, Unix, midrange, and mainframe systems
- Usage and management of firewall applications such as CheckPoint and Cisco PIX or strong knowledge of intrusion detection devices such as Snort, Dragon, Cisco IDS and Real Secure
- Proficient in the operation of network test and analysis equipment (Sniffer/protocol analyzer/etc)
- Robust understanding of network design principles with strong knowledge of the OSI model
- Strong interpersonal and customer service skills including the resolution of customer escalations, incident handling, response, and escalation
- Experience assisting the development and maintenance of tools, procedures, and documentation
Skills Required
- Thorough, demonstrated understanding of TCP/IP and networking concepts
- Use of Nessus, McAfee Intrushield, Cisco IDS, Enterasys Dragon IDS, RealSecure and Snort or similar technology
- Demonstrated analytical, problem solving, and prioritization skills
- Ability to think strategically, work with a sense of urgency and attention to detail
- Demonstrated ability to be reliable and flexible
- System administration of Windows, Unix, midrange and mainframe systems
- Excellent written and verbal communication and organizational skills
- Ability to present complex solutions and methods to the general community.
- Strong knowledge and application of the OSI model
- Strong interpersonal and customer skills including incident resolution, response and escalation
- Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks
- Strong understanding of Information Security including threats, attacks, and vulnerability management.
- Outstanding work ethic
Skills Desired
- CISSP or SANS GIAC certification
- Technical or Security Operations Center (SOC) experience
- Experience working with an enterprise Security Information Management (SIM) tool such as RSA envision, ArcSight, Novell Sentinel
- Prior experience working in a technical support environment
- Understanding of auditing practices and regulatory requirements.
Level of Education Required
- Bachelor's Degree, preferably in Information Management, Business Management, or Engineering.
- Equivalent work experience will be considered
JPMorgan Chase is an Equal Opportunity and Affirmative Action Employer, M/F/D/V.