Security Operations Vice President

As Vice President in the Cybersecurity Perimeter Response Team at JPMorganChase, you will play a critical role in defending the Firm's digital perimeter against sophisticated Layer 3/4 and Layer 7 DDoS attacks.

You will personally create, test, implement, and monitor web application firewall (WAF) and DDoS policy across platforms such as Akamai, Cloudflare, AWS WAF, and F5, ensuring robust protection for our global enterprise.

This hands-on position involves incident response, but is primarily focused on continuous evaluation and uplift of security policy for the Firm's internet-exposed services.

Key Responsibilities:


* Investigate anomalous network traffic patterns and events, collaborating with application teams, subject matter experts, and senior management.


* Develop, maintain, and optimize DoS and WAF policies to protect the Firm, balancing operational risk and security posture.


* Identify, document, and mitigate risks from emerging threats, leveraging intelligence from peer organizations.


* Test and validate policy rules and signatures for effectiveness and applicability.


* Profile new and existing applications, mapping them to appropriate perimeter security policies.


* Deliver incident response support for DoS, DDoS, and related application attacks.


* Provide regular activity and progress reporting to Cyber Operations management.


* Follow best practices in threat recognition, pattern analysis, and surveillance detection to establish efficient, high-quality security processes.


* Note: this is neither a management nor auditing-related role.

Required Qualifications, Capabilities, and Skills:


* Formal training or certification with 5+ years of experience in cybersecurity operations, security system management, or related roles.


* 3+ years of hands-on WAF administration experience with perimeter defense infrastructure such as Akamai, Cloudflare, F5, etc.

(custom signature authoring, deployment governance, patching, efficacy evaluation, policy testing).


* Network performance management (e.g., troubleshooting server response and routing issues) or Web application development/administration (troubleshooting web servers, application stacks, containers, OS, micro-services, and API/data validation errors).


* TCP/IP network administration, optimization, and troubleshooting.


* Incident response for inbound application attacks, with experience in a formal Security Operations Center (SOC) and proficiency in distinguishing suspicious from benign internet sources.

Preferred Qualifications, Capabilities, and Skills:


* Direct, hands-on experience with perimeter defense infrastructure systems.


* Direct, hands-on experience with SIEM tools (e.g., Splunk) and complex search compilation.


* Application development skills, including scripting (Python/Java), regular expressions, and proof-of-concept creation for zero-day exploits.


* Previous 24x7 operations experience.
...