Security Operations Vice President - Senior Threat Detection Engineer

Job Description
Embrace the challenge of maintaining robust digital security, driving operational excellence, and implementing cutting-edge solutions in cybersecurity.
As a Security Operations Vice President in Cybersecurity & Tech Controls, you will be a technical leader in our Cyber Defense function, enhancing our capabilities to detect, prevent, and disrupt sophisticated cyber threats across a complex hybrid enterprise. You will design scalable detection solutions and play a key role in our detection-as-code framework, ensuring comprehensive coverage across endpoints, networks, cloud infrastructure, and critical business systems. Collaborating closely with Security Operations Center (SOC) analysts, threat hunters, red team members, and internal security engineering teams, you will develop scalable, high-fidelity detections using logs, telemetry, and behavioral analytics from diverse data sources. The ideal candidate will have SOC experience, a passion for researching TTPs and the threat landscape, and the ability to translate this research into high-quality detections.
As a technical lead, your responsibilities will include advanced analysis, threat hunting, evaluating new security technologies, and ensuring the integration of larger technology projects into the Cyber Defense team and monitoring function. You will apply advanced analytical, technical, and problem-solving skills to achieve operational excellence and implement innovative solutions to tackle complex security challenges.
Job responsibilities

• Design, implement, and continuously refine advanced threat detection rules, logic, and models in SIEM, EDR, and cloud-native platforms (e.g., Splunk, Sentinel, CrowdStrike, AWS/Azure/GCP).
• Continuously refine detection strategies based on evolving TTPs (MITRE ATT&CK), threat intelligence, and red/purple team feedback.
• Utilize detection-as-code pipelines and SRE principles to build and maintain detections with appropriate versioning, QA, and testing workflows.
• Perform threat model reviews, architecture reviews and detection gap assessments.
• Operationalize MITRE ATT&CK mappings, threat intel insights, and adversary simulation results to develop precise detection logic.
• Map detection coverage against evolving threat landscapes aligning with industry frameworks and internal threat profiles.
• Partner with Threat Intelligence, Red Team, and Incident Response teams to close the feedback loop between detection hypotheses and real-world adversary behavior.
• Evaluate new telemetry sources and support the onboarding, normalization, and enrichment of log sources to ensure high-fidelity data for detection and analytics.
• Mentor junior analysts and engineers in detection logic design, telemetry analysis, and security operations best practices.
• Evaluate and enhance the organization's security posture by staying current with industry trends, emerging threats, and regulatory requirements, driving innovation and process improvements.

Required qualifications, capabilities, and skills

• Bachelor's Degree in Computer Science, Cybersecurity, Data Science, or related disciplines
• 5+ years of experience in cybersecurity with a core focus on threat detection, security engineering, or SOC operations.
• Expertise in SIEM platforms (e.g., Splunk SPL, KQL, Elastic) with a strong command of query optimization, dashboarding, and alert logic development.
• Advanced understanding of attacker TTPs, malware behaviors, lateral movement techniques, and financial-sector-specific threat actors.
• Experience with threat hunting on a large, enterprise network both as an individual and leading hunting exercises with other team members.
• Deep familiarity with telemetry from EDRs, Cloud logging (e.g., AWS, Azure, GCP), Windows/Linux event logs, identity platforms (e.g., Azure AD), and public cloud services.
• Ability to research TTPs, analyze raw log and develop high fidelity detections in various tools/languages.
• Proven experience collaborating with SOC, IR, threat intel, or red teams in a fast-paced environment.
• Strong grasp of security frameworks and taxonomies including MITRE ATT&CK, Cyber Kill Chain, NIST, and SIGMA/YARA formats.
• Proficiency in scripting languages such as Python or PowerShell to support automation and enrichment tasks.
• Experience creating and working with Jupyter Notebooks to automate workflows and processes.

Preferred qualifications, capabilities, and skills

• Experience with detection-as-code methodologies and tools (e.g., Git-based pipelines, CI/CD for security content).
• Background in cloud security (AWS/GCP/Azure), particularly around detection and log correlation in IaaS and SaaS environments.
• Familiarity with SOAR platforms, and anomaly-based detection techniques.
• Experience leveraging Large Language Models (LLMs) for security use cases such as log parsing, alert triage, threat narrative generation, or threat intelligence summarization.
• Experience in integrating LLMs into detection workflows to enhance context enrichment, rule generation, or automated investigation support.

About Us
J.P. Morgan is a global leader in financial services, providing strategic advice and products to the world's most prominent corporations, governments, wealthy individuals and institutional investors. Our first-class business in a first-class way approach to serving clients drives everything we do. We strive to build trusted, long-term partnerships to help our clients achieve their business objectives.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
About the Team
The Cybersecurity & Technology Controls group at JPMorganChase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.