Offensive Security Specialist - London, United Kingdom - JPMorgan Chase Bank, N.A.

JPMorgan Chase Bank, N.A.
JPMorgan Chase Bank, N.A.
Verified Company
London, United Kingdom

2 weeks ago

Tom O´Connor

Posted by:

Tom O´Connor

beBee Recruiter
Description

About the Organization:


Security Assurance (SA) organization ensures JPMC's most systemic security risks are identified, understood, reported, and clearly connected to our existing controls, new business initiatives and the evolving technology landscape. Through continuous data gathering and technical assessments, identify and measure systemic risk across the firm to drive control uplift requirements where needed and ensure secure architectural patterns are useable, modern and implemented.


Controls Threat Assessments (CTA) team is an integral part of the SA organization. CTA team partners with Blue team, Threat Intelligence and product/engineering teams to develop and run a program to continuously test firm's defensive controls based on prioritized threats to the company. Results from CTA exercise help in enhancement, maintenance and governance of firm's defense controls.


Offensive Security Specialist:


As a Offensive Security Specialist within the CTA team, you will be hands-on in conducting threat-driven assessments for JPMC's technical controls to objectively measure our ability to prevent and detect consequential attack patterns.

You will partner with the Blue team, Cyber Intelligence, Threat Modeling, Breach and Attack Simulation teams to understand our attack surface, coverage of controls, monitoring rules and use prioritized TTPs to systematically test controls against real-world threat actor techniques.

This team requires thinking like an attacker while understand the various capabilities and limitations of defensive technologies.

The CTA team does not perform red teaming, blue teaming, threat hunting, penetration testing or vulnerability assessments but uses similar tools and techniques to evaluate the efficacy of controls against prioritized threats.

You will be working with some of the best experts in the industry and faced with complex problem-solving opportunities, causing you to develop new skills as you progress through your career.


Responsibilities:


  • Test key threat scenarios against the firm's defense system using prioritized adversarial Tactics, Techniques and Procedures.
  • Define the attack surface and map controls that help defend it
  • Work closely with Cyber Operations to perform deepdive technical controls effectiveness testing using both manual and automated means
  • Partner with the Breach and Attack Simulation team to create new actions/sequences/monitors to test controls, identify where a control cannot be tested due to context, environment issues, tooling limitations etc, write new bespoke actions based on research into new techniques
  • Work with product security and other security partners to align remediation efforts that best protect the firm
  • Collaborate with product and engineering teams to feed evidence for tracking/visualization, help mature products based on testing outcomes and industry advances
  • Develop, maintain and improve documentation and processes to ensure robust resilience and auditability

Requirements:


  • Bachelor's degree in Computer Science/Information Technology related field
  • Solid experience working in offensive/defensive security teams like Pentest, Redteam or Blue team
  • Foundational knowledge of cybersecurity organization practices, operations, risk management processes, principles, architectural requirements, engineering and threats and vulnerabilities
  • Ability to collaborate with highperforming Agile teams and individuals throughout the firm to accomplish goals
  • Ability to analyze vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence
  • Thorough knowledge of network protocols
  • Good understanding of security architecture and controls
  • Solid understanding of MITRE ATT&CK framework
  • Proficient in at least one programming language (e.g. Python) to facilitate technical testing
  • Experience with usage of SIEM tools is beneficial
  • Well recognized advanced offensive/defensive security certifications from reputed bodies like SANS, Offsec and CREST would be an added advantage
  • Adept at explaining technical jargon to nontechnical parties
  • Excellent report writing and presentation skills
  • Willingness to learn and drive to excel is a must


JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P.

Morgan and Chase brands.

Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.


We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success.

We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on th
More jobs from JPMorgan Chase Bank, N.A.
See all jobs of JPMorgan Chase Bank, N.A.