Security Analyst - UK - JPMC

Key Responsibilities:

Design, implement, and maintain security controls and policies for AWS cloud infrastructure.

Conduct regular security assessments, audits, and penetration testing on AWS resources.

Monitor cloud infrastructure for security threats and respond to incidents.

Deeply understand AWS operational and technical control environment to demonstrate and communicate control posture to stakeholders. 

 

Implement and Maintain Controls:

Implement, maintain, and monitor security controls within AWS environments, including access controls, encryption, and other security configurations. 

 

Incident Response:

Investigate and analyze security incidents, identify root causes, and develop strategies to mitigate risks and prevent future breaches. 

 

Compliance:

Assist with compliance efforts by gathering and managing evidence, and by providing guidance on best practices for meeting compliance requirements. 

 

Security Assessments:

Conduct security assessments, vulnerability testing, and risk analysis to identify potential weaknesses in AWS environments. 

 

Audits:

Participate in internal and external security audits, ensuring that AWS infrastructure meets audit requirements. 

 

Documentation:

Maintain thorough documentation on the security status of AWS infrastructure, including security policies, procedures, and incident response plans. 

 

Training and Education:

Provide training and education to other team members and stakeholders on AWS security best practices. 

 

Stay Updated:

Keep abreast of the latest security threats and vulnerabilities, and adapt security measures accordingly. 

 

Required Skills and Experience:

• AWS Expertise: Strong understanding of AWS services, architecture, and security features. 

 

• Security Knowledge: Knowledge of security principles, best practices, and relevant security standards (e.g., NIST, ISO 27001). 

 

• Analytical Skills: Ability to analyze data, identify patterns, and troubleshoot security issues. 

 

• Communication Skills: Ability to communicate complex security concepts to technical and non-technical audiences. 

 

• Problem-Solving Skills: Ability to identify and resolve security issues in a timely and effective manner. 

 

• Experience: Experience in information security, cloud security, or related fields. 

 

• Certifications: Industry-recognized certifications such as CISSP, CEH, or AWS Security certifications are a plus. 

 

Example Responsibilities (depending on the specific role):

• Security Analyst (Compliance): Focus on demonstrating compliance with regulatory requirements (e.g., SOC 2, HIPAA). 

 

• Security Analyst (Incident Response): Lead efforts to investigate and respond to security incidents within AWS. 

 

• Security Analyst (Infrastructure): Focus on securing AWS infrastructure and services, including networking, storage, and compute. 

Qualifications:

Required:

Bachelor’s degree in Computer Science, Information Security, or related field.

3+ years of experience in cloud security, with a focus on AWS.

Deep knowledge of AWS security services and architecture.

Experience with SIEM tools and cloud security posture management (CSPM) tools.

Familiarity with infrastructure-as-code (Terraform, CloudFormation).

Strong understanding of networking, encryption, IAM, and security best practices.

Preferred:

AWS Certified Security – Specialty or equivalent certification.

Experience with multi-account AWS environments and AWS Organizations.

Prior involvement in incident response and digital forensics in cloud environments.