Assessments and Exercises Vice President – Offensive Security at JPMorgan Chase & Co. – Plano, TX, United States

Contribute to leading security and resilience efforts, develop protection strategies, and drive continuous improvement.

As Vice President of Assessments & Exercises in the Cyber and Tech Controls business, you will significantly contribute to improving the organization’s cybersecurity posture by leveraging industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and implement risk-driven tests and simulations (or manage a highly skilled team to do so) and inform analysis to clearly outline root causes. In this role, you will evaluate preventive controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.

Job Responsibilities

  • Design and execute tests and simulations, such as penetration tests, adversary emulation assessments, collaborative technical controls assessments, and cyber exercises, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with company strategy and compliance with regulatory requirements.
  • Evaluate the effectiveness of controls and their impact on operational risks, as well as opportunities to automate control evaluation.
  • Work closely with cross-functional teams to develop comprehensive assessment reports, including detailed findings, risk assessments and remediation recommendations, and make data-driven decisions that encourage continuous improvement.
  • Use threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to improve the company’s assessment strategy and risk management. Collaborate with peers and industry groups that share threat intelligence analysis.

Required qualifications, abilities and skills

  • 5+ years of experience in cybersecurity, with proven exceptional organizational skills to plan, design and coordinate the development of offensive security tests, assessments or simulation exercises
  • Knowledge of U.S. financial services industry cybersecurity practices, operational risk management processes, principles, regulations, threats, risks, and incident response methodologies
  • Ability to identify systemic security issues related to threats, vulnerabilities, or risks, with emphasis on recommendations for improvements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework) and offensive security testing tools
  • Excellent communication, collaboration and reporting skills, with the ability to document and explain complex technical details in a concise, understandable manner to individuals from a variety of technical and non-technical backgrounds
  • In-depth knowledge of the following topics: Windows/Linux/Unix/Mac operating systems; operating system and software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation, and post-exploitation (e.g., Cobalt Strike, Metasploit, Burp Suite); network fundamentals (all OSI layers, protocols); Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers in both private and public (AWS, Azure) environments; DevOps; incident response; threat hunting; and familiarity with interpreting log output from network devices, operating systems, and infrastructure services
  • Experience with manual penetration testing and assessments (outside of running automated tools) for a wide range of applications including web, mobile and thick clients, internal and external infrastructures

Desired qualifications, abilities and skills

  • Have relevant industry certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or those offered by Offensive Security (OSCP, OSEP, OSED, OSEE, OSCE), CREST (Certified Simulated Attack Specialist, Registered Penetration Tester, Certified Infrastructure Tester) or SANS (GPEN, GXPN, GWAPT), which demonstrate advanced expertise in cybersecurity and offensive testing methodologies.
  • Technical knowledge or experience developing proof-of-concept exploits and in-house scripting, using interpreted languages such as Python, Ruby or Perl, compiled languages such as C, C++, C# or Java, and security tools or technology such as firewalls, IDS/IPS, web proxies and DLP
  • Background in intelligence/security services, knowledge of malware packaging, obfuscation, persistence, exfiltration techniques and insight into the financial sector or other major security and IT infrastructures
  • Experience consulting log sources within large centralized logging platforms such as Splunk, Elastic, Cloudera

JPMorgan Chase & Co., one of the oldest financial institutions, provides innovative financial solutions to millions of consumers, small businesses and many of the world’s leading corporate, institutional and government clients under the JP Morgan and Chase brands. With a history spanning more than 200 years, today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We offer a competitive total compensation package including base salary determined by role, experience, skills and location. For those in qualifying roles, we offer discretionary incentive compensation that may be awarded in recognition of company and individual performance and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive healthcare coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the application process.

We recognize that our people are our strength and that the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and are committed to diversity and inclusion at our company. We do not discriminate on the basis of any protected characteristic, including race, religion, color, national origin, sex, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected by applicable law. We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. For more information on requesting an accommodation, please visit our FAQs.

JPMorgan Chase is an equal opportunity employer, including disabled/veterans
