Attack Analysis Head of Operations (EMEA)

JP Morgan

Location: Greater London

Job Type: Full time


JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at


Reporting to the Global Head of Attack Analysis, the Head of Attack Analysis Operations will lead one of the regional teams to provide proactive 24 x 7 monitoring of the JPMC information environment to detect, analyze, track, and mitigate external threats. You will provide oversight and direction of the Cyber Security Operation Center team in New York, London or Singapore.

Core Responsibilities:

  • Oversight and direction of attack analysis operations team that monitors JPMC networks and systems from one of the three strategic Cyber Security Operations Centers (New York City, London, Singapore)
  • Oversee a team of 15+ analysts providing 24x7x365 follow the sun monitoring and detection coverage
  • Provide technical leadership and oversee critical issues, ensuring escalation, mitigation, and root cause
  • Maintain and enhance the adversary detection strategy of a regional team aligned to line of business monitoring requirements
  • Work closely with Cybersecurity Intelligence Group to accelerate ability to uncover and track advanced cyber threats
  • Support the development and execution of firm wide operational processes for incident response
  • Process development and improvement to focus on effectiveness of threat identification and detection
  • Integration with cybersecurity technology and engineering to ensure operational capabilities are aligned to threat environment
  • Maintain a strong focus on quality management, operational reporting, and performance metrics
  • Full concept of operations development, leadership of regional attack analysis operations, and execution of presentations to executive leadership


  • Demonstrated experience leading cyber security operations centers that collaborate with globally distributed teams
  • Demonstrated experience in driving a robust monitoring and detection methodology
  • Understanding of intelligence-driven approaches and the ability to apply them to network defense strategy
  • Subject matter expert in incident response management and execution with a working knowledge of network forensics technology and procedures
  • Deep understanding and management of the talent required in delivery of a world class capability
  • Experience working across multiple lines of business in a corporate function
  • Executive presence and a strong ability to communicate, in writing and verbally, upward, to peers, and to staff
  • Able to brief Executive and C-level Management on sensitive issues in real-time


  • This role will have supervisory responsibilities. As such, a minimum of five years’ experience leading teams of various sizes is a must
  • 10+ years of Cyber Security Incident Response, Cyber Security Operations Center and/or Attack Analysis experience in a large, mission-critical environment with a background in the following:
    • Advanced knowledge and execution of adversary detection strategies
    • In-depth knowledge of network intrusion methods, network containment, and segregation techniques
    • In-depth knowledge of operating systems (Windows & UNIX, Mac OS X a plus)
    • Expert understanding of TCP/IP networking, routing protocols and full packet capture analysis
    • In-depth network security expertise including firewall, IDS and IPS
    • Experience building baselines of network activity for use in anomaly detection
    • Experience with proactive threat hunting techniques and concepts in an enterprise environment
    • Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
    • Knowledge of enterprise systems and infrastructure
    • Proven understanding of log parsing and analysis at a large scale with data clustering tools or techniques
    • Experience with a scripting language such as Perl, Ruby, Python, and BASH
    • Bachelor's Degree in Computer Science or related field
    • Master’s Degree in Engineering, Business Management, or Technology related fields a major plus

This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.
