The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls deliver processes and solutions efficiently and consistently and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment..
Vice President, Digital Forensics and Incident Response (DFIR) will be required to conduct digital forensic analysis in support of HR/ER, Legal, Compliance, Cybersecurity, and Global Security investigations. Additionally, DFIR is responsible for examining post-exploitation artifacts across JPMC digital assets with a focus toward extracting and sharing Indicators of Compromise (IoCs) or details of control gaps in support of live incidents, post-incident investigations, or internal investigations.
A successful candidate will have experience working independently and/or as part of a team in digital forensic investigations. They will also possess a strong investigative mindset, attention to detail, strong problem-solving skills, strong technical skills, good self-awareness and a drive to be thorough, timely and accurate.
. Act as a local/site technical team lead and liaison to Regional and Global DFAS/DFIR leadership.
. Collects digital evidence from a variety of sources to include computers, cloud platforms, mobile devices, logs from applications/aggregation platforms and network evidence keeping forensic principles in mind.
. Analyzes host and network-based artifacts generated by users or software to be able to reconstruct activities which occurred on computing assets.
. Communicates with stakeholders clearly and effectively during and after the completion of an investigation to ensure that all concerns are addressed and the circumstances surrounding the situation are fully understood.
. Writes detailed notes and reports which properly document the steps taken during an investigation so that the methods used, and outcome obtained are understandable and repeatable.
. Works with team members as well as other internal and external teams or stakeholders to develop forensic processes for new technologies as well as to automate existing and new processes to increase efficiency and scalability.
. Works with other team members to improve procedures in order to increase the efficiency of the team and the robustness of the team's work product.
. Validates, verifies and documents new and existing forensic toolsets for use by the team.
. Engages in continuous learning and shares information with teammates.
Skills and abilities:
Some, but not all of the diverse skills expected from a candidate for this position would include the following:
. The ability to function well in a leader-leader environment, where individuals take ownership of work or projects and are responsible for the outcome
. An understanding of digital forensic tools and techniques used to support internal fraud and employee investigations
. An understanding of how tools work as well as the willingness and ability to manually examine data when required
. An understanding of the scientific method and how it applies to digital forensics
. Use host-based and network forensic capabilities to reconstruct actions on a computer or develop information regarding IOCs and TTPs for threat actors and malware, which can be shared amongst other internal teams
. Leverage practical experience to develop methodologies for proactive hunting of threat actors in the absence of alerting or rules-based detections
. Experience preparing in-depth investigation reports into forensic investigations, breach reports, privacy incidents and data exposure type cases
. Demonstrate strong written and verbal communication skills necessary to effectively interpret investigative requirements, provide technical guidance, and provide detailed documentation of analysis findings
. Bachelor's Degree in Computer Science or other Technology related field preferred
. Minimum 7 years of experience working in the computer forensics, cybercrime investigations, and other related technical fields
. Well-developed knowledge of computer forensic best practices and industry standard methodologies for investigating host-based and network-based investigations
. Experience with networking protocols and packet analysis
. Experience working with industry standard tools (X-Ways, EnCase, Volatility, Rekall, Wireshark, SIFT, Cellebrite, etc.)
. Able to work independently and/or with a team to conduct forensic examinations.
. Able to articulate and visually present complex forensic investigation and analysis results.
. Strong attention to detail in conducting forensic analysis combined with an ability to accurately record full documentation in support of the investigation.
. The ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective.
. Able to work under pressure in time critical situations.
. Excellent written and verbal communication skills are required.
. Ability to communicate effectively with business representatives in explaining forensic findings clearly and where necessary, in non-technical terms.
. Digital Forensics and Incident Response experience in large and highly regulated enterprises.
. Experience with malware reverse engineering
. Experience with investigating data compromise events
. Ability to automate tasks using a scripting language (Python, PowerShell, Bash, etc.)
. Industry standard digital forensics certifications (GCFA, GNFA, GCFE, CFCE, etc.)
. Industry standard information security technology certifications (GCIH, GREM, etc.)
. Memberships and participation in relevant professional associations
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants and employees religious practices and beliefs, as well as any mental health or physical disability needs.
To apply for this position, please use the following URL: