Location: Houston, TX, United States

As Vice President in the Cybersecurity Perimeter Response Team at JPMorganChase, you will play a critical role in defending the Firm’s digital perimeter against sophisticated Layer 3/4 and Layer 7 DDoS attacks. You will lead the configuration and deployment of web application firewall (WAF) signatures across platforms such as Akamai, Cloudflare, AWS WAF, and F5, ensuring robust protection for our global enterprise.

Key Responsibilities:

• Investigate anomalous network traffic patterns and events, collaborating with application teams, subject matter experts, and senior management.
• Develop, maintain, and optimize DoS and WAF policies to protect the Firm, balancing operational risk and security posture.
• Identify, document, and mitigate risks from emerging threats, leveraging intelligence from peer organizations.
• Test and validate policy rules and signatures for effectiveness and applicability.
• Profile new and existing applications, mapping them to appropriate perimeter security policies.
• Deliver incident response support for DoS, DDoS, and related application attacks.
• Provide regular activity and progress reporting to Cyber Operations management.
• Follow best practices in threat recognition, pattern analysis, and surveillance detection to establish efficient, high-quality security processes.

Required Qualifications, Capabilities, and Skills:

• Formal training or certification with 5+ years of experience in cybersecurity operations, security system management, or related roles.
• Network performance management (e.g., troubleshooting server response and routing issues).
• WAF administration (custom signature authoring, deployment governance, patching, efficacy evaluation, policy testing).
• Web application development/administration (troubleshooting web servers, application stacks, containers, OS, micro-services, and API/data validation errors).
• TCP/IP network administration, optimization, and troubleshooting.
• Incident response for inbound application attacks, with experience in a formal Security Operations Center (SOC) and proficiency in distinguishing suspicious from benign internet sources.

Preferred Qualifications, Capabilities, and Skills:

• Experience with SIEM tools (e.g., Splunk) and complex search compilation.
• Application development skills, including scripting (Python/Java), regular expressions, and proof-of-concept creation for zero-day exploits.
• Previous 24x7 operations experience.
• 1+ years of cybersecurity operations experience, including threat and risk assessment documentation.

#CTC