JPMorgan Chase SIEM Architect - Splunk | ArcSight | QRadar in Jersey City, New Jersey

Cyber @ JPMC…

The Cybersecurity organization within JPMorgan Chase & Co. provides security services to all lines of business (LOB) across JPMC. The objective of Cybersecurity is to balance both business alignment and the centralized delivery of core products and services including Security Standards, Monitoring & Protection, Assurance & Awareness, and Security Operations. Cybersecurity is designed to address the JPMC global security needs across all LOBs and the demand to leverage economies of scale across the firm.

The Cybersecurity Enterprise Architecture Team translates security requirements into system qualities (e.g., tenets) and then into repeatable design strategies and patterns. The Team designs architectural models of solutions and describes how those solutions integrate into the broader technical infrastructure of the firm. In partnership with development teams, the Cybersecurity Enterprise Architecture Team drives architecture standards into delivered solutions.

The Role…

We are seeking a Security Event & Incident Management (SEIM) Architect as part of our Data Management architecture function. The Data Management architecture group will be part of a larger Data Security team, including control, human user experience/operations, and security focused expertise.

  • Have you spent time working triage for the SOC on security incidents or outages?

  • Can you identify what data matters, where systems will fail, and achievable opportunities for improvement?

  • Do you have very strong opinions on the integrity, structure, availability and confidentiality of SEIM messages and reference data?

  • Can you turn all of that into clear, agreed & well documented design requirements and architectures in tight partnership with the delivery teams?

  • Do you know your CIM from your CEF?

  • Can you anticipate the end user, operational and technical requirements of Incident Responders, Threat Intelligence, Insider Threat detection & deep forensic investigations?

  • Do you want to drive better user experience, faster triage, more reliable event detection with sharper, cleaner, and just plain better integrated data?

  • Can you write great docs, draw great diagrams and give a great speech?

The Requirements…

  • Cyber security engineering or architecture experience for SEIM systems and process improvement.

  • Experience building or operating large scale infrastructures in a 24x7 environment

  • Demonstrated expert-level hands-on time with top tier SEIM tools, including log consolidation, correlation, enrichment and case handling tools – e.g. Splunk, ArcSight, Phantom, NetWitness, QRadar, etc.

  • Experience designing or operating enterprise detection and response solutions taking into account Kill Chain cycles, root cause analysis, containment and other industry best practices

  • Experience integrating data from new build & legacy systems to provide an integrated service

  • Ability to lead meetings, divide responsibilities, deconstruct strategic goals into realistic achievable milestones and accomplishments

  • Ability to explain & document complex technical and operational concepts in tight, structured communications to technical and executive audiences required

  • Demonstrated technical expertise across a variety of SEIM platforms, operating systems, data store technologies and development languages

  • Demonstrated technical expertise in SEIM content (correlation & matching rules) & technical writing

  • Practical experience in any of the below considered a plus:

      • Micro service based architectures, big data, machine learning, statistical and behavioral analysis/risk reporting

      • Next gen cloud / ‘hybrid’ on prem / off prem SEIM a plus – e.g. Microsoft security graph, others

      • Intelligence-led hunt/data analysis for insider threat and APT

      • Data Modeling & visualization solutions such as Erwin, MagicDraw, RDF, D3, QlikView, Tableau, etc.

      • Operating in an Agile environment on the Atlassian (Confluence, JIRA, etc.) stack

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/ .

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.