Job Description J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
As an experienced professional in our Cybersecurity & Technology Controls organization, you're equally committed to safeguarding our information and technology assets today, as well as finding innovative ways to protect them in the future. To do that, you'll play a key role in developing a shared understanding of the defensive posture at JPMorgan Chase & Co. (JPMC) relative to the evolving threat landscape, allowing the firm to make threat informed cybersecurity decisions. You'll join a highly motivated team focused on analyzing, designing, developing, and delivering solutions built to stop adversaries and strengthen our operations. You'll use your subject matter expertise to give guidance, best practices, and support to business and technology stakeholders during the deployment of critical business and technology initiatives. You'll support threat analysis, incident response, vulnerability assessments, and risk reviews, all of which drive cost-effective solutioning. As part of JPMorgan Chase & Co.'s global team of technologists and innovators, your work will have a massive impact, both on us as a company, as well as our clients and our business partners around the world.
The Cybersecurity Intelligence Group (CIG) holds the global mandate for JPMC's cyber intelligence collection, analysis, and dissemination of finished products to the firm's global Cybersecurity & Technology Controls teams, lines of business, and overall executive decision makers. This team is responsible for engagement with industry peers regarding cyber threats, to address events such as intrusions, malware, DDoS, unauthorized access, insider attacks, and loss of proprietary information. This includes developing a deep understanding of global threat actors, their tactics, techniques, and procedures employed during cyber attacks.
As a threat modeling analyst within the CIG, you'll play an integral role in the threat driven defense of JPMC. The responsibilities for this position include, but are not limited to:

• Develop threat modeling processes that analyze the firm's ability to mitigate cyber attacks across business and technology environments
• Develop cyber threat scenarios to enable risk management and the secure deployment of key organizational initiative
• Identify areas for potential attacks and systemic security issues as they relate to threats and vulnerabilities, including recommendations for enhancements or remediation
• Prepare and deliver written and verbal briefings to message threat modeling findings across all levels of the enterprise
• Monitor the cyber threat environment to incorporate trends in potential attack activity, and ensure sustainability of threat modeling deliverables

Qualifications - External
This role requires a wide variety of strengths and capabilities, including:

• Demonstrable understanding of information technology principles including: software, hardware, networking, and Cloud infrastructure
• Experience working with threat modeling methodologies such as STRIDE, PASTA, or comparable experience visually representing data and process flows in an enterprise environment
• Experience leveraging the MITRE ATT&CK™ Framework
• Experience interpreting networking, data flow, and architectural diagrams to identify vectors an adversary may seek to exploit
• Red team or penetration testing experience, identifying and simulating adversarial activity within a pre-defined scope
• Experience with threat intelligence techniques and processes in an enterprise level organization
• Detailed knowledge of global cyber threats, threat actors and the tactics, techniques, and procedures used by cyber adversaries
• Excellent written and verbal communication skills
• This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

Highly Desired

• 4+ years Intelligence Community experience and/or 4+ years' experience at an international institution conducting cyber or security/intelligence related work
• B.S. or M.S. degree level qualification or equivalent
• Computer or mathematical modeling qualification, or demonstrable experience of working in this field
• Experience in Agile Environments
• Cybersecurity or information technology certifications
• A broad understanding of all areas of banking and the threats faced by the financial sector
• Financial sector experience
• A broad understanding of the threats faced by the financial sector

Your expertise in cybersecurity, combined with your desire to provide innovative security services, will be an asset to our Cybersecurity & Technology Controls organization. Join us in delivering high-quality security solutions across our lines of business around the world, and by creating, designing, implementing, and maintaining next-level technologies. The work you'll do is vital, as it will protect over $18 trillion of assets under custody and $393 billion in deposits every day.
When you work at JPMorgan Chase & Co., you're not just working at a global financial institution. You're an integral part of one of the world's biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee, and we're building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you're looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.
It's time to take your career to the next level, and we can help. Apply today.
About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.