Overview
Join to apply for the Sr. Red Team Operator - Cloud Specialty role at JPMorganChase.
As an Assessments & Exercises Vice President in the Cybersecurity and Technology Controls line of business, you will contribute to enhancing the firm’s cybersecurity or resiliency posture by using industry-standard assessment methodologies to proactively identify risks and vulnerabilities in people, processes, and technology. You will design and deploy risk-driven tests and simulations, informing analysis to clearly outline root causes. You will evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.
Job Responsibilities
* Design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to align with the firm’s strategy and regulatory requirements
* Evaluate controls for effectiveness and impact on operational risk, and identify opportunities to automate control evaluation
* Collaborate with cross-functional teams to develop comprehensive assessment reports, including detailed findings, risk assessments, and remediation recommendations
* Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations; apply this knowledge to enhance the firm\u2019s assessment strategy and risk management
Required Qualifications, Capabilities, And Skills
* 5+ years of experience in cybersecurity or resiliency, with demonstrated ability to plan, design, and coordinate offensive security testing, assessments, or simulation exercises
* Knowledge of US financial services sector cybersecurity practices, operations risk management processes, regulations, threats, risks, and incident response methodologies
* Ability to identify systemic security or resiliency issues and provide recommendations for enhancements or remediation; proficiency in multiple security assessment methodologies (e.g., OWASP Top Ten, NIST Cybersecurity Framework) and offensive testing tools
* Excellent communication, collaboration, and report-writing skills with the ability to influence stakeholders across functions and levels
* Strong understanding of Windows/Linux/Unix/macOS, vulnerability and exploitation techniques, security tools, networking fundamentals, cloud environments (IaaS/PaaS in AWS, Azure), DevOps, and ability to interpret logs from networking devices and infrastructure services
* Ability to collaborate with high-performing teams to achieve common goals
Preferred Qualifications, Capabilities, And Skills
* Intelligence Community background and relevant certifications (e.g., OSCP, OSEP, OSED, OSEE, OSCE; CREST, SANS certifications)
* Knowledge of malware packing, obfuscation, persistence, exfiltration techniques, and understanding of financial sector or large security and IT infrastructures
* Hands-on experience developing proof-of-concept exploits and in-house scripting (Python, Ruby, Perl) or compiled languages (C/C++, C#, Java); familiarity with Firewalls, IDS/IPS, Web Proxies, DLP; ability to visually present complex penetration testing results
* Experience with cloud-based environments (AWS, Azure, GCP) and Kubernetes; experience with AI/ML technologies used in Red Teaming
* Experience with Agile methodologies; familiarity with common frameworks is highly desired
About Us
JPMorgan Chase & Co. is a global financial services firm that aligns the firm\u2019s cybersecurity, access management, controls and resiliency teams to enable business success while keeping the firm safe, stable and resilient.
We are an equal opportunity employer and place a high value on diversity and inclusion. We do not discriminate on the basis of protected attributes and provide reasonable accommodations for religious practices, beliefs, or disability needs. Visit our FAQs for more information about accommodations.
Job Details
* Seniority level: Not Applicable
* Employment type: Full-time
* Job function: Information Technology
#J-18808-Ljbffr