Red Team Operator at JPMorgan Chase & Co. – LONDON, United Kingdom

Working in cybersecurity requires pure passion for technology, speed, a constant desire to learn and, above all, vigilance in keeping every last asset safe and sound. You’ll be on the front lines of innovation, working with a highly motivated team focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen our operations. Your research and work will ensure the stability, capacity and resilience of our products and emerging industry trends. By working with your internal team, as well as technologists and innovators across our global network, your ability to identify threats, provide intelligent analytics, and take positive actions will stop adversaries and strengthen our data.

JPMC’s Assurance Operations organization wants to expand its activities Red team with an experienced one Red team operator. The primary focus of this role will be on conducting offensive activities as part of Red Team engagements against critical JPMC assets. The successful candidate will have a proven track record of conducting network operations operations, including Red Team operations. Additionally, the candidate will be able to demonstrate in-depth knowledge and experience around the fundamentals of computer networking, modern threats and vulnerabilities, attack methodologies and penetration testing tools.

This feature is expected to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to more extensive screening, which includes both criminal and credit checks, and/or other enhanced screening at the time they accept the position and on an annual basis thereafter. The comprehensive screening must be successfully completed prior to employment or commencement of employment.

Qualifications:

This role requires a wide range of strengths and abilities, including:

• BS/BA degree or equivalent through experience
• Excellent command of cybersecurity organizational practices, operational risk management processes, principles, architectural requirements, engineering, and threats and vulnerabilities, including incident response methodologies
• Ability to analyze vulnerabilities, threats, designs, procedures and architectural design, produce reports and share information
• 3+ years of experience in one or more of the following industries: penetration testing of cloud-based environments, network penetration testing, application penetration testing (web, mobile), conducting Red Team operations, application security assessments, and network operations operations. Candidates must have the ability to conduct targeted, covert penetration testing involving vulnerability identification, exploitation and post-exploitation activities without or with minimal use of automated tools
• Strong understanding of the following: Windows/Linux/Unix/Mac operating systems; Vulnerability and exploitation techniques of operating systems and software; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Cobalt Strike, Metasploit, Burp Suite); network foundations (all
• OSI layers, protocols); Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers in both private and public environments (AWS, Azure); DevOps; incident response; hunting threats; and familiarity with interpreting log output from network devices, operating systems, and infrastructure services
• Preferred qualifications include: Intelligence Community/Security Services background, relevant certifications such as those offered by Offensive Security (OSCP, OSEP,
• OSWE, OSED, OSEE, OSCE), CREST (Certified Simulated Attack Specialist, Registered Penetration Tester, Certified Infrastructure Tester, Certified Simulated Attack Specialist), SANS (GPEN, GXPN, GWAPT), knowledge of malware packing, obfuscation, persistence, exfiltration techniques and insight into the financial sector or other major security and IT infrastructures
• Technical knowledge or experience developing proof-of-concept exploits and internal scripting, using interpreted languages ​​such as Python, Ruby, or Perl, compiled languages ​​such as C, C++, C#, Go, or Java, and security tools or technology such as Firewalls, IDS/IPS, Web Proxies, DLP and the ability to articulate and visually present complex penetration testing and Red Team results are highly desirable
• Ability to collaborate with high-performing teams and individuals within the company to achieve common goals
• Experience with Agile and the ability to work with at least one of the common frameworks is highly desirable.

The Cybersecurity & Technology Controls group at JPMorgan Chase aligns the company’s cybersecurity, access management, controls and resiliency teams. The group works proactively and strategically with all industries and functions to enable them to design, implement and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and encourage automation of controls. The group’s first priority is to enable the business by keeping the business safe, stable and resilient.

We’re looking for multidisciplinary, forward-looking technologists like you with diverse backgrounds and experiences, including in areas such as cybersecurity, big data, machine learning risk management and controls, compliance and surveillance, and cloud security.

If you work at JPMorgan Chase & Co. works, you don’t just work at a global financial institution. You are an integral part of one of the world’s largest technology companies. In 14 technology hubs around the world, our team of more than 60,000 technologists designs, builds and implements everything from enterprise technology initiatives to big data and mobile solutions, as well as innovations in electronic payments, cybersecurity, machine learning and cloud development. Our annual investment of more than $15 billion in technology allows us to hire people to create innovative solutions that will not only transform the financial services industry, but change the world.

At JPMorgan Chase & Co. we value the unique skills of every employee, and we are building a technology organization that thrives on diversity. We encourage professional growth and career development and offer competitive benefits and compensation. If you want to build your career as part of a global technology team tackling big challenges that impact the lives of people and businesses around the world, we’d like to meet you

JP Morgan is a global leader in financial services, providing strategic advice and products to the world’s leading corporations, governments, high net worth individuals and institutional investors. Our first-class business in a first-class way of serving customers drives everything we do. We strive to build reliable, long-term partnerships to help our customers achieve their business goals.

We recognize that our people are our strength and that the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and value diversity and inclusion within our company. We do not discriminate on the basis of any protected characteristic, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law . We also make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs. For more information about requesting an accommodation, please visit our FAQs.