Job Description
Associate, Digital Forensics and Incident Response - Cybersecurity Operations
Associate, Digital Forensics and Incident Response ("DFIR") will be required to conduct digital forensic analysis in support of HR/ER, Legal, Compliance, Cybersecurity, and Global Security investigations. Additionally, DFIR is responsible for examining post-exploitation artifacts across JPMC digital assets with a focus toward extracting and sharing Indicators of Compromise ("IoCs") or details of control gaps in support of live incidents, post-incident investigations, or internal investigations.
A successful candidate will have experience working independently and/or as part of a team in digital forensic investigations. They will also possess a strong investigative mindset, attention to detail, strong problem-solving skills, strong technical skills, good self-awareness and a drive to be thorough, timely and accurate.
This position requires work from the office a minimum of 60% of the time.
Responsibilities:

• Collects digital evidence from a variety of sources to include computers, cloud platforms, mobile devices, logs from applications/aggregation platforms and network evidence keeping forensic principles in mind.
• Analyzes host and network based artifacts generated by users or software to be able to reconstruct activities which occurred on computing assets.
• Communicates with stakeholders clearly and effectively during and after the completion of an investigation to ensure that all concerns are addressed and the circumstances surrounding the situation are fully understood.
• Writes detailed notes and reports which properly document the steps taken during an investigation so that the methods used and outcome obtained are understandable and repeatable.
• Works with team members as well as other internal and external teams or stakeholders to develop forensic processes for new technologies as well as to automate existing and new processes to increase efficiency and scalability.
• Works with other team members to improve procedures in order to increase the efficiency of the team and the robustness of the team's work product.
• Validates, verifies and documents new and existing forensic toolsets for use by the team.
• Engages in continuous learning and shares information with team mates.

Skills and abilities:
Some, but not all of the diverse skills expected from a candidate for this position would include the following:

• The ability to function well in a leader-leader environment, where individuals take ownership of work or projects and are responsible for the outcome.
• An understanding of digital forensic tools and techniques used to support internal fraud and employee investigations.
• An understanding of how tools work as well as the willingness and ability to manually examine data when required.
• An understanding of the scientific method and how it applies to digital forensics.
• Use host-based and network forensic capabilities to reconstruct actions on a computer or develop information regarding IOCs and TTPs for threat actors and malware, which can be shared amongst other internal teams.
• Leverage practical experience to develop methodologies for proactive hunting of threat actors in the absence of alerting or rules-based detections.
• Experience preparing in-depth investigation reports into forensic investigations, breach reports, privacy incidents and data exposure type cases.
• Demonstrate strong written and verbal communication skills necessary to effectively interpret investigative requirements, provide technical guidance, and provide detailed documentation of analysis findings.

Qualifications

• Bachelor's Degree in Computer Science or other Technology related field preferred.
• 1 year of experience working in the computer forensics, cybercrime investigations, and other related technical fields.
• Law enforcement or military experience preferred.
• Well-developed knowledge of computer forensic best practices and industry standard methodologies for investigating host-based and network analysis.
• Experience with malware reverse engineering is a plus.
• Experience with investigating data compromise events is a plus.
• Experience with networking protocols and packet analysis.
• Experience working with industry standard tools (X-Ways, EnCase, Volatility, Rekall, Wireshark, SIFT, Cellebrite, etc.)
• Ability to automate tasks using a scripting language (Python, PowerShell, Bash, etc.) is a plus.
• Able to work independently and/or with a team to conduct forensic examinations.
• Able to articulate and visually present complex forensic investigation and analysis results.
• Strong attention to detail in conducting forensic analysis combined with an ability to accurately record full documentation in support of the investigation.
• The ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective.
• Industry standard digital forensics certifications (GCFA, GNFA, GCFE, CFCE, etc.) are a plus.
• Industry standard information security technology certifications (GCIH, GREM, etc.) are a plus.
• Memberships and participation in relevant professional associations is a plus.
• Able to work under pressure in time critical situations.
• Excellent written and verbal communication skills are required.
• Ability to communicate effectively with business representatives in explaining forensic findings clearly and where necessary, in non-technical terms.

About Us
JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, we offer discretionary incentive compensation which may be awarded in recognition of firm performance and individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans
About the Team
The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.