Security Operations Senior Associate - Perimeter Response
JPMorgan Chase
- Houston, TX
- Permanent
- Full-time
- Investigate anomalous network traffic pattern events
- Develop and maintain DoS and web application firewall policies to protect the Firm, exercising a disciplined approach that minimizes operational risk and maximizes security posture
- Identify, document, and mitigate risk and exposure to emerging threats identified by peer organizations
- Test and validate policy rules/signatures for effectiveness, applicability, etc.
- Profile current and new applications and map to appropriate perimeter security policy
- Deliver Incident Response Support for DoS, DDoS, and related application attacks
- Provide activity and progress reporting to Cyber Operations management
- Monitor and analyze security infrastructure, contributing to detection and response to threats, vulnerabilities, and incidents to ensure the integrity, confidentiality, and availability of sensitive data and systems
- Conduct in-depth security investigations, analyzing logs, network traffic, and other data sources to identify root causes, assess impact, and gather evidence for response and mitigation actions
- Develop and maintain threat detection and response playbooks, incorporating industry best practices, regulatory requirements, and lessons learned from previous incidents
- Collaborate with cross-functional teams to develop and implement coordinated security strategies, policies, and procedures, while educating employees on best practices
- 3+ years of experience in cybersecurity operations, including threat detection, incident response, and vulnerability management
- Network performance management such as troubleshooting slow server response times and network routing issues
- Web Application Firewall (WAF) administration including custom signature authoring, managing governance of signature deployment, patching, etc., signature efficacy evaluation/tuning, authoring of policy testing regimen
- Web application developer/administration including troubleshooting of web server engines (e.g. connection monitoring, resource utilization, slow response, etc.), web application stacks (e.g. connections from an application to a database server, authentication flows, etc.), elements supporting web applications such as containers, operating systems, micro-service hosting platforms, and impacts of application errors related to data validation or malformed API calls
- TCP/IP network administration / optimization / troubleshooting
- Incident response experience for inbound application attacks with experience working in a structured, formal “Security Operations Center” (SOC) environment and proficiency in identifying internet sources and distinguishing suspicious from benign
- Demonstrated experience in network traffic analysis, log analysis, vulnerability analysis, exploitation, and security investigation techniques to identify and respond to security incidents
- Proficiency in scripting to automate tasks, implement controls, and manipulate data
- Advanced knowledge of security protocols, cryptography, authentication, authorization, and security architecture design principles
- SIEM including complex search compilation in tools such as Splunk
- Application development such as text manipulation/handling via scripting in Python or Java and regular expressions, creating proof of concepts to exploit zero day vulnerabilities
- Previous 24x7 operations experience
- 1 or more years of cybersecurity operations related experience, including threat and risk assessment documentation