Offensive Validation

Job Description Senior Cybersecurity Offensive Validation
Working as an Offensive Engineer, you will be tasked with leveraging existing technology incubation environments, and building new ones, to test the ability of a wide variety of controls to prevent, detect and contain various attacker techniques, tactics, and procedures (TTP). You will develop new test tooling which can be used by application and control owners to assess their security control effectiveness. Working with a team of security architects, red teamers, and pen testers, you will work on root causing common thematic security weaknesses and on cross-department initiatives to assess target state architectures and pilots for strategic soundness. At the end of the day, your work will have tremendous and positive impact, whether it's in-house, in collaboration with technologists across JPMorgan Chase & Co.'s global technology community.
This role requires a wide breadth of strengths and capabilities, including:

• BS/BA degree, or equivalent professional experience, or equivalent demonstrated technical security and/or development experience (e.g., OSS projects, bug bounty submissions, etc.)
• Experience in developing technical solutions to security and business problems through proof-of-concept implementations/solutions
• Experience in going beyond individual security bugs and looking at addressing root cause security issues
• Experience in discovering and communicating technical risk to business leaders and other engineers
• Experience in working collaboratively in team setting and in developing meaningful relationships to achieve common business goals
• 4+ year background of technical experience across at least one of the following:
  • Red teaming
  • penetration testing
  • bug bounty programs
  • Vulnerability identification, exploit/POC creation, & technical mitigation proposals
• Demonstrably strong technical understanding of at least three of the following:
  • Application security
  • Network security
  • Systems security e.g., user/kernel-space controls
  • Cloud systems and architecture
  • Security tool writing and automation
  • Established industry threat frameworks, e.g. MITRE ATT&CK, STRIDE, and CAPEC

About Us JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.
The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the "WELL Health-Safety Rating" for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.
As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm's current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm's vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set, and location. For those in eligible roles, discretionary incentive compensation which may be awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
Equal Opportunity Employer/Disability/Veterans
About the Team The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.