Senior Cybersecurity Incident Response Analyst

Location: LONDON, United Kingdom

Job Family: Cybersecurity Operations

About the Role

At JP Morgan Chase, we are at the forefront of cybersecurity in the global financial services industry, safeguarding trillions in assets against evolving threats. As a Senior Cybersecurity Incident Response Analyst in our London-based Security Operations Center (SOC), you will play a pivotal role in protecting our clients and operations from sophisticated cyber attacks. This position within Cybersecurity Operations demands a proactive approach to threat investigation, where you will dive deep into incidents affecting our banking, investment, and asset management divisions. Your work will ensure compliance with stringent regulations like those from the Financial Conduct Authority (FCA) and contribute to maintaining the trust of our worldwide clientele. In this senior role, you will lead the analysis of complex cybersecurity events, from initial detection to full resolution, utilizing advanced tools for threat hunting and file dissection. Expect to collaborate with cross-functional teams across EMEA and globally, responding to incidents that could impact high-value financial transactions. You will hunt for hidden threats in our vast digital ecosystem, analyze malware samples, and develop strategies to fortify our defenses against industry-specific risks such as phishing campaigns targeting executives or state-sponsored intrusions into trading systems. Your expertise will directly influence the resilience of JP Morgan Chase's infrastructure, helping us stay one step ahead in the dynamic landscape of financial cyber threats. We value innovation and continuous learning, offering opportunities to engage with cutting-edge technologies and contribute to thought leadership in cybersecurity. Joining JP Morgan Chase means being part of a prestigious firm committed to ethical practices and employee growth, where your contributions can shape the future of secure banking. If you thrive in a high-stakes environment and are passionate about defending financial integrity, this role provides the platform to excel and advance your career.

Key Responsibilities

• Investigate and analyze cybersecurity threats, including advanced persistent threats (APTs) targeting financial institutions
• Conduct proactive threat hunting across JP Morgan Chase's network and endpoints to identify potential risks
• Perform detailed file and malware analysis using tools like IDA Pro or Wireshark to dissect attack vectors
• Lead incident response efforts, coordinating with global teams to contain, eradicate, and recover from security incidents
• Develop and maintain playbooks for incident response tailored to financial services threats such as ransomware and insider threats
• Collaborate with risk and compliance teams to ensure incidents align with regulatory reporting requirements
• Monitor and triage alerts from SIEM systems, prioritizing based on impact to critical banking operations
• Contribute to post-incident reviews and lessons learned to enhance JP Morgan Chase's cybersecurity posture
• Stay abreast of emerging threats in the financial sector and recommend defensive measures
• Mentor junior analysts and support knowledge sharing within the SOC team

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Minimum of 5 years of experience in cybersecurity operations, with at least 3 years focused on incident response in a financial services environment
• Proven track record in investigating and responding to cybersecurity incidents, including malware analysis and threat hunting
• Strong understanding of regulatory requirements such as GDPR, PCI-DSS, and financial sector-specific standards like those from the FCA
• Experience with Security Information and Event Management (SIEM) tools and endpoint detection platforms
• Ability to obtain and maintain relevant security certifications (e.g., CISSP, GIAC)
• Excellent analytical and problem-solving skills with the ability to work under pressure in a high-stakes financial environment

Preferred Qualifications

• Advanced degree or certifications in cybersecurity (e.g., GCIH, GCFA)
• Experience in a global financial institution, particularly with cross-border incident response
• Familiarity with cloud security in AWS, Azure, or similar environments used by JP Morgan Chase
• Prior involvement in threat intelligence sharing within financial sector communities like FS-ISAC
• Knowledge of scripting for automation in incident response workflows

Required Skills

• Proficiency in SIEM tools such as Splunk or ELK Stack
• Expertise in endpoint detection and response (EDR) platforms like CrowdStrike or Microsoft Defender
• Strong knowledge of networking protocols and financial transaction systems
• Malware reverse engineering and forensic analysis skills
• Scripting in Python, PowerShell, or Bash for automation
• Understanding of threat intelligence frameworks like MITRE ATT&CK
• Analytical thinking and attention to detail
• Effective communication for reporting to stakeholders
• Ability to collaborate in a team-oriented environment
• Adaptability to fast-paced, 24/7 operational demands
• Knowledge of compliance standards in financial services
• Problem-solving under high-pressure scenarios
• Familiarity with cloud security controls
• Incident documentation and reporting expertise
• Ethical hacking and penetration testing basics

Benefits

• Competitive base salary and performance-based annual bonuses
• Comprehensive health, dental, and vision insurance coverage
• Generous retirement savings plan with company matching contributions
• Paid time off including vacation, sick leave, and parental leave
• Professional development opportunities with access to training and certifications
• Employee assistance programs for mental health and wellness support
• Flexible working arrangements, including hybrid options in London
• Global mobility programs and career advancement within JP Morgan Chase

JP Morgan Chase is an equal opportunity employer.