JPMorganChase · 2 days ago
Assessments & Exercises Vice President - Offensive Security
Plano, TX
Full-time
Onsite
Mid, Senior Level
$152K/yr - $260K/yr
5+ years expJPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers and businesses. As an Assessments & Exercises Vice President in the Cyber and Tech Controls line of business, you will enhance the firm's cybersecurity posture by identifying risks and vulnerabilities while advising on security strategy and risk management.
Asset ManagementBankingFinancial Services
Responsibilities
Design and execute testing and simulations – such as penetration tests, adversary emulation assessments, collaborative technical controls assessments, and cyber exercises, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm’s strategy and compliance with regulatory requirements
Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
Collaborate closely with cross-functional teams to develop comprehensive assessment reports – including detailed findings, risk assessments, and remediation recommendations – making data-driven decisions that encourage continuous improvement
Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy and risk management. Engage with peers and industry groups that share threat intelligence analytics
Qualification
Required
5+ years of experience in cybersecurity, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises
Knowledge of US financial services sector cybersecurity organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
Ability to identify systemic security issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework) and offensive security testing tools
Excellent communication, collaboration, and report writing skills, with the ability to document and explain complex technical details in a concise, understandable manner to individuals with a variety of both technical and non-technical backgrounds
Strong understanding of the following: Windows/Linux/Unix/Mac operating systems; OS and software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation, and post exploitation (e.g. Cobalt Strike, Metasploit, Burp Suite); networking fundamentals (all OSI layers, protocols); Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers in both private and public (AWS, Azure) environments; DevOps; incident response; threat hunting; and familiarity with interpreting log output from networking devices, operating systems, and infrastructure services
Manual penetration testing and assessments experience (beyond running automated tools) against a wide variety of applications including web, mobile, and thick clients, internal and external facing infrastructures
Preferred
Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or those offered by Offensive Security (OSCP, OSEP, OSED, OSEE, OSCE), CREST (Certified Simulated Attack Specialist, Registered Penetration Tester, Certified Infrastructure Tester), or SANS (GPEN, GXPN, GWAPT) – showcasing advanced expertise in cybersecurity and offensive testing methodologies
Technical knowledge or experience developing proof of concept exploits and in house scripting, using interpreted languages such as Python, Ruby, or Perl, compiled languages such as C, C++, C#, or Java, and security tools or technology such as Firewalls, IDS/IPS, Web Proxies, DLP
Intelligence Community/Security Services background, knowledge of malware packing, obfuscation, persistence, exfiltration techniques, and understanding of financial sector or other large security and IT infrastructures
Experience querying log sources within large centralized logging platforms, e.g. Splunk, Elastic, Cloudera
Benefits
Comprehensive health care coverage
On-site health and wellness centers
A retirement savings plan
Backup childcare
Tuition reimbursement
Mental health support
Financial coaching
Company
JPMorganChase
With a history tracing its roots to 1799 in New York City, JPMorganChase is one of the world's oldest, largest, and best-known financial institutions—carrying forth the innovative spirit of our heritage firms in global operations across 100 markets.
10001+ employees
H1B Sponsorship
JPMorganChase has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (3471)
2024 (3469)
2023 (3395)
2022 (3594)
2021 (2515)
2020 (2495)
Funding
Current Stage
Public CompanyTotal Funding
unknown1998-02-01IPO
Leadership Team
Allison Beer
CEO of Card Services and Connected Commerce
Dan Mendelson
CEO, Morgan Health
Recent News
2026-01-08
Crunchbase News
2026-01-08
Bizjournals.com Feed (2025-11-12 15:43:17)
2026-01-07
Company data provided by crunchbase