Red Team Operator
Red Team Operator
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Description
As an Assessments & Exercises Senior Associate in the Cybersecurity and Technology Controls line of business you will contribute significantly to enhancing the firms cybersecurity or resiliency posture by using industrystandard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people processes and technology. Design and deploy riskdriven tests and simulations and inform analysis to clearly outline rootcauses. In this role you will evaluate preventative controls incident response processes and detection capabilities and advise crossfunctional teams on security strategy and risk management.
JPMCs Assurance Operations organization is looking to expand its Cybersecurity Red Team with an experienced Red Team Operator specialized inCloudbased environmentsor AI/ML technologies.The successful candidate will have a proven track record in conducting Red Team operations. Additionally the candidate will be able to demonstrate indepth knowledge and experience around computer networking fundamentals modern threats and vulnerabilities attack methodologies and penetration testing tools. This position is anticipated to require the use of one or more High Risk Role (HRR) systems which mandates successful completion of enhanced screening including criminal and credit background checks before starting employment and annually thereafter.
Job responsibilities
- Design and execute red team testing and simulations and contribute to the development and refinement of assessment methodologies tools and frameworks to ensure alignment with the firms strategy and compliance with regulatory requirements
- Evaluate controls for effectiveness and impact on operational risk as well as opportunities to automate control evaluation
- Collaborate closely with crossfunctional teams to develop comprehensive assessment reports including detailed findings risk assessments and remediation recommendations making datadriven decisions that encourage continuous improvement
- Utilize threat intelligence and security research to stay informed about emerging threats vulnerabilities industry best practices and regulations. Apply this knowledge to enhance the firms assessment strategy and risk management. Engage with peers and industry groups that share threat intelligence analytics
Required qualifications capabilities and skills
- Strong experience in cybersecurity with demonstrated exceptional organizational skills to plan design and coordinate the development of offensive security assessments
- Ability to identify systemic security or resiliency issues as they relate to threats vulnerabilities or risks with a focus on recommendations for enhancements or remediation
- Excellent communication collaboration and report writing skills with the ability to influence and engage stakeholders across various functions and levels
- Strong understanding several of the following areas: Windows/Linux/Unix/Mac operating systems; OS and software vulnerability and exploitation techniques; commercial or opensource offensive security tools for reconnaissance scanning exploitation and post exploitation (e.g. Cobalt Strike Metasploit Burp Suite); networking fundamentals (all OSI layers protocols); Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers in both private and public (AWS Azure) environments; DevOps; and familiarity with interpreting log output from networking devices operating systems and infrastructure services
- Ability to collaborate with highperforming teams and individuals throughout the firm to accomplish common goals
Preferred qualifications capabilities and skills
- Preferred qualifications include: Intelligence Community background relevant certifications such as those offered by Offensive Security (OSCP OSEP OSED OSEE OSCE) CREST (Certified Simulated Attack Specialist Registered Penetration Tester Certified Infrastructure Tester) SANS (GPEN GXPN GWAPT)
- Knowledge of malware packing obfuscation persistence exfiltration techniques and understanding of financial sector or other large security and IT infrastructures
- Experience developing proof of concept exploits and inhouse scripts and tools
- Knowledge of Firewalls IDS/IPS Web Proxies and DLP
- The ability to articulate and visually present complex penetration testing and Red Team results is highly desirable
- Demonstrable handson information security experience in Cloudbased environments and technologies such as Amazon Web Services Azure GCP and Kubernetes.
- Experience with AI/ML technologies and tools and their use in Red Teaming (e.g. developing video and audio deepfakes discover and exploit vulnerabilities in AI systems Large Language Models prompt injection etc..
- Knowledge of US financial services sector cybersecurity or resiliency organization practices operations risk management processes principles regulations threats risks and incident response methodologies
TheCybersecurity & Technology Controls group at JPMorgan Chase aligns the firms cybersecurity access management controls and resiliency teams. The group proactively and strategicallypartners with all lines of business and functions to enable them to design adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The groups number one priority is to enable the business by keeping the firm safe stable and resilient.
We are looking for multidisciplined forwardlooking technologists like you with diverse backgrounds and experiences including in areas such as cybersecurity big data machine learning risk management and controls compliance and oversight and cloud security.
When you work at JPMorgan Chase & Co. youre not just working at a global financial institution. Youre an integral part of one of the worlds biggest tech companies. In 14 technology hubs worldwide our team of 60000 technologists design build and deploy everything from enterprise technology initiatives to big data and mobile solutions as well as innovations in electronic payments cybersecurity machine learning and cloud development. Our $15B annual investment in technology enables us to hire people to create innovative solutions that will not only transform the financial services industry but also change the world.
At JPMorgan Chase & Co. we value the unique skills of every employee and were building a technology organization that thrives on diversity.We encourage professional growth and career development and offer competitive benefits and compensation.If youre looking to build your career as part of a global technology team tackling big challenges that impact the lives of people and companies all around the world we want to meet you.
Employment Type
Full-Time
