Security Operations Vice President, SIEM Content Engineer
Aumni
Job Description
As a Security Operations Vice President from the Cybersecurity Insider Threat Content Engineering team at JPMorgan Chase, you will contribute significantly to safeguarding the organization's digital assets and infrastructure by proactively detecting, assessing, and responding to threats, vulnerabilities, and security incidents. You will regularly collaborate with cross-functional teams to develop a coordinated approach to security, ensuring the integrity, confidentiality, and availability of sensitive data and systems.
You will apply advanced analytical, technical, and problem-solving skills to enable operational excellence and implement innovative solutions to address complex security challenges. By staying current with industry best practices, policies, and procedures, you will contribute to maintaining a secure digital environment and driving continuous improvement in the firm.
Job Responsibilities
- Execute and influence the design of comprehensive security strategies, policies, and procedures to enhance threat detection capabilities and protect the organization's digital assets and infrastructure from cybersecurity threats
- Monitor and analyze complex data and systems proactively to identify indicators of vulnerabilities and compromises, utilizing advanced tools and techniques to detect anomalies and contribute to the development of strategies for security investigation, threat mitigation, and incident response
- Use effective communication skills to present findings and solutions for existing and emerging insider threats to senior leaders and stakeholders.
- Evaluate and enhance the organization's security posture by staying current with industry trends, emerging threats, and regulatory requirements, driving innovation and process improvements.
- Contribute to a great team and a winning culture through sharing of expertise and supporting growth opportunities for junior members of the team.
Required qualifications, capabilities, and skills
- Formal training or certification on cybersecurity concepts and 5+ years applied experience in cybersecurity operations, network security with a focus on threat detection, incident response, and security infrastructure management
- Bachelor's Degree in Computer Science or equivalent
- Demonstrated expertise in multiple security domains, including network security, malware analysis, threat hunting, and security architecture and design, with proficiency in using Security Information and Event Management (SIEM) tools and advanced analytics techniques
- Advanced knowledge of network and infrastructure configuration/security, including experience in designing and implementing security solutions for on-prem, cloud, or hybrid environments
- Possess excellent grasp of the Splunk SPL language – significant expertise in the development of efficient and effective Splunk searches, macros, dashboards and other knowledge objects and integrations with Splunk. Proven ability to create powerful, reliable, and efficient interactive dashboards in Splunk
- Possess excellent analytical and problem-solving skills with the ability to translate complex technical concepts into practical solutions based on risk assessment and risk appetite
- Possess excellent command of cybersecurity organization practices, insider threats, data loss prevention concepts, security incident triage, operations risk management principles and processes, architectural requirements, emerging threats and vulnerabilities, and incident response methodologies
- Possess excellent verbal and written communication skills with the ability to communicate complex technical concepts, recommendations and solutions to senior leadership and key stakeholders
Preferred qualifications, capabilities, and skills
- Possess recognized industry certifications (such as CISSP, CISM, CISA, CCSP, CSX-S, CSX-E)
- Previous cybersecurity operations experience within a large multi-national financial services organization is preferred
- Experience with Security Orchestration, Automation and Response (SOAR), Endpoint Detection & Response (EDR) or other tools used for security monitoring, detection, and response
- Experience with agile methodology and the ability to work with at least one of the common frameworks with knowledge of tools like Confluence, JIRA and ServiceNow
- Knowledge of scripting skills such as Python, PowerShell, etc
- Possess a good understanding of national and international laws, regulations, policies, and ethics related to financial industry cybersecurity and foundational knowledge of computer forensics; legal, government and jurisprudence as they relate to cybersecurity; operating systems; and methods for intelligence gathering and sharing