Cyber Security Vulnerability Management Operations Senior Analyst

JP Morgan

Location: Greater London

Job Type: Full time


Working in Cybersecurity takes a passion for balancing technology with determining the inherent risk of a vulnerability by balancing preventative controls against known exploits, and above all, vigilance in keeping JPMC technology secure for our customers & clients. You’ll be on the front lines of managing vulnerabilities by making critical decisions on the inherent risk to the infrastructure or the application itself and thus the risk to the firm clients & customers. You will be working with a highly-motivated team laser-focused on analyzing, scoping, developing and delivering solutions built to stop adversaries and strengthen our security posture. Your research and work will ensure stability and resiliency of our current technology products, emerging technology and our vast application estate. Working in tandem with various internal teams both in Cyber and various Line of Business partners, as well as technologists and innovators across our global network, by leading the positive actions that will stop adversaries and strengthen customer’s confidence.


As a Vulnerability Management Operations - Senior Response Analyst, you will be a key member of the EMEA team, providing a bridge between the APAC and NA regions as part of a follow-the-sun global team. You will work directly with Line of Business Application Teams, Subject Matter Experts, Production Management Teams, Product Owners, Senior Technology Management, and Risk and Control functions on:

  • Review new vulnerabilities published from multiple sources and identify those that may pose risk to the firm or its subsidiaries.
  • Define an accurate risk rating in line with proprietary and industry standard risk rating methodologies.
  • Identifying the impacted assets and/or application(s) at risk.
  • Document the vulnerability providing a detailed write up on the risk and exposure.
  • Confirm any risk mitigation factors and define the remediation activity if known.

In addition, the successful candidate will need to:

  • Be operationally focused and enjoy working in a dynamic environment, with the day-to-day focus on quick and timely risk reduction activities.
  • Drive the global teams’ daily workflow, undertaking daily case-load analysis and prioritisation.
  • Represent the global team and be the technical lead during EMEA hours on major incidents impacting the Vulnerability Management space.
  • Demonstrate the ability to develop and form strong working relationships with the partnering Cyber Operations functions and key technology leaders in the region.
  • Provide technical leadership within the team, mentoring and guiding junior team members.
  • Be a self-starter who will take the initiative while being able to work independently and challenge the status quo.


  • 5 years’ experience in a Cyber Operations/Vulnerability Management role with a strong knowledge of operational processes supporting Vulnerability Management and the wider SOC; with the ability to demonstrate comprehension of the end-to-end Vulnerability Management workflow (to include industry standards such as CVE, CPE, CVSS).
  • Proven experience in command & control practices like Incident Management and/or Cyber incident response methodologies.
  • Strong and broad understanding of Cyber Security Controls (Physical, Logical, Processes and Procedures)
  • Strong and broad understanding of leading vendor products/applications e.g., Oracle [Java], VMWare, F5, Citrix, Microsoft; to include product lifecycle & release schedules.
  • Strong and broad understanding of open-source software deployment in a large technology estate.
  • Strong understanding of Cloud and Public/Private Cloud environments.
  • Strong deductive reasoning, multi-tasking, critical thinking, problem solving, and prioritization skills.
  • Familiarity with Cyber scanning tools including Qualys, Snyk, CrowdStrike, and other tools is an advantage.
  • Experience of working with data sources via SQL, JSON, APIs and Splunk will be highly beneficial.
  • Experience with Agile and experience working to manage remediation actions via an active backlog and Jira an advantage.
  • Previous 24 x 7 operations experience.
  • BS/BA degree or equivalent experience.

Your expertise in Cyber, combined with your desire to provide innovative security services, will be an asset to our Cybersecurity team. Help deliver high-quality secure solutions across all our lines of business around the world by creating, designing, implementing, and maintaining next-level technology. The work you’ll do is vital, as it will protect over $18 trillion of assets under custody and $393 billion in deposits every day.

When you work at JPMorgan Chase & Co., you’re not just working at a global financial institution. You’re an integral part of one of the world’s biggest tech companies. In 14 technology hubs worldwide, our team of 40,000+ technologists design, build and deploy everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning, and cloud development. Our $9.5B+ annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry, but also change the world.

At JPMorgan Chase & Co. we value the unique skills of every employee, and we’re building a technology organization that thrives on diversity. We encourage professional growth and career development, and offer competitive benefits and compensation. If you’re looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world, we want to meet you.

@2024 JPMorgan Chase & Co. JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran