Security Operations Vice President

**JOB DESCRIPTION**
Embrace the challenge of maintaining robust digital security, driving operational excellence, and implementing cutting-edge solutions in cybersecurity.

**Job responsibilities**
- Design, implement, and continuously refine advanced threat detection rules, logic, and models in SIEM, EDR, and cloud-native platforms (e.g., Splunk, Sentinel, CrowdStrike, AWS/Azure/GCP).
- Continuously refine detection strategies based on evolving TTPs (MITRE ATT&CK), threat intelligence, and red/purple team feedback.
- Utilize detection-as-code pipelines and SRE principles to build and maintain detections with appropriate versioning, QA, and testing workflows.
- Perform threat model reviews, architecture reviews and detection gap assessments.
- Operationalize MITRE ATT&CK mappings, threat intel insights, and adversary simulation results to develop precise detection logic.
- Map detection coverage against evolving threat landscapes aligning with industry frameworks and internal threat profiles.
- Partner with Threat Intelligence, Red Team, and Incident Response teams to close the feedback loop between detection hypotheses and real-world adversary behavior.
- Evaluate new telemetry sources and support the onboarding, normalization, and enrichment of log sources to ensure high-fidelity data for detection and analytics.
- Mentor junior analysts and engineers in detection logic design, telemetry analysis, and security operations best practices.
- Evaluate and enhance the organization's security posture by staying current with industry trends, emerging threats, and regulatory requirements, driving innovation and process improvements.

**Required qualifications, capabilities, and skills**
- Bachelor’s Degree in Computer Science, Cybersecurity, Data Science, or related disciplines
- 5+ years of experience in cybersecurity with a core focus on threat detection, security engineering, or SOC operations.
- Expertise in SIEM platforms (e.g., Splunk SPL, KQL, Elastic) with a strong command of query optimization, dashboarding, and alert logic development.
- Advanced understanding of attacker TTPs, malware behaviors, lateral movement techniques, and financial-sector-specific threat actors.
- Experience with threat hunting on a large, enterprise network both as an individual and leading hunting exercises with other team members.
- Deep familiarity with telemetry from EDRs, Cloud logging (e.g., AWS, Azure, GCP), Windows/Linux event logs, identity platforms (e.g., Azure AD), and public cloud services.
- Ability to research TTPs, analyze raw log and develop high fidelity detections in various tools/languages.
- Proven experience collaborating with SOC, IR, threat intel, or red teams in a fast-paced environment.
- Strong grasp of security frameworks and taxonomies including MITRE ATT&CK, Cyber Kill Chain, NIST, and SIGMA/YARA formats.
- Proficiency in scripting languages such as Python or PowerShell to support automation and enrichment tasks.
- Experience creating and working with Jupyter Notebooks to automate workflows and processes.

**Preferred qualifications, capabilities, and skills**
- Experience with detection-as-code methodologies and tools (e.g., Git-based pipelines, CI/CD for security content).
- Background in cloud security (AWS/GCP/Azure), particularly around detection and log correlation in IaaS and SaaS environments.
- Familiarity with SOAR platforms, and anomaly-based detection techniques.
- Experience leveraging Large Language Models (LLMs) for security use cases such as log parsing, alert triage, threat narrative generation, or threat intelligence summarization.
- Experience in integrating LLMs into detection workflows to enhance context enrichment, rule generation, or automated investigation support.

**ABOUT US**

J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world’s most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

**ABOUT THE TEAM**

The Cybersecurity & Technology Co