Cyber Intelligence Director

J.P. Morgan

J.P. Morgan

Plano, TX, USA

Posted on Jun 9, 2026
Apply now

This is a senior, highly technical role within CRAFT, built for complex problem-solving beyond standard operational procedures . You will work across stealthy, long-dwell intrusion patterns and advanced tradecraft including credential abuse, supply chain targeting, living-off-the-land techniques, custom malware, infrastructure obfuscation, and exploitation of emerging vulnerabilities, including potential AI-augmented attacker behavior. Success looks like faster, higher-confidence investigative outcomes, stronger detections, and reduced dependency on ad hoc support from already constrained operational teams.

Hands-on technical research and analysis of cyber espionage activity, including APT TTPs, adversary infrastructure, and intrusion lifecycle behaviors, and you will translate technical detail into clear, actionable guidance for operational response.

You will augment CyberOps during high-priority incidents by providing rapid investigation support, hypothesis-driven analysis, and durable outputs such as detection logic, enrichment, and incident-ready playbook improvements.

You will build practical technical solutions like scripts, automation, enrichment tools, detection prototypes, and AI-assisted analysis workflows, that shorten time-to-answer and raise consistency across investigations .

You will drive deeper research into nation-state threats, emerging vulnerabilities, supplier risk, AI-enabled threat activity, and targeted campaigns relevant to the firm, producing outputs that directly inform operational readiness and prioritization.

You will bridge intelligence, attack analysis, vulnerability management, and supplier threat response by enabling two-way collaboration across CyberOps

Required Qualifications:

Over 20+ years of conducting technical intrusion analysis and cyber threat research focused on sophisticated adversaries (espionage-aligned tradecraft).

Demonstrated ability to produce operationally useful outcomes: detections, enrichment, triage improvements, and clear technical write-ups that drive action.

Strong understanding of attacker behaviors across credential misuse, persistence, lateral movement, data staging, covert exfiltration, and stealth techniques .

Proven capability to build and maintain lightweight automation to support investigations (scripts, parsers, enrichment utilities, workflow tooling).

Strong judgment handling sensitive information and operating within controlled security and risk constraints.

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans

Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers and employees up for success.
CRAFT (Cyber Research and Analysis Fusion Team) is seeking a high-impact technical specialist to accelerate our ability to detect, investigate, and respond to high skilled threat actor activity targeting the financial sector. The role focuses on hands-on threat research, adversary tradecraft analysis, and rapid technical support during high-priority incidents, with a strong emphasis on turning findings into practical outcomes for our cyber security operations. A core expectation is the ability to evaluate and responsibly apply frontier AI models to improve research velocity, detection quality, and investigative efficiency without compromising security.
Apply now
See more open positions at J.P. Morgan