Apply on Employer Site

Chase · 8 hours ago

Offensive Security Engineer

277 Park Ave, New York, NY, 10172, US

Full-time

Onsite

Senior Level

$152K/yr - $260K/yr

5+ years exp

Chase is a leading financial services firm that helps nearly half of America’s households and small businesses achieve their financial goals. The Offensive Security Engineer will drive the security of critical banking applications and platforms through hands-on offensive testing, planning, executing, and reporting on penetration tests to identify vulnerabilities and guide remediation efforts.

BankingFinancial Services

Responsibilities

Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications

Collect and validate pre-requisites for each engagement, ensuring all necessary access, documentation, and approvals are in place

Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts

Document and communicate findings through comprehensive reports that include technical details, risk assessments, and actionable remediation recommendations

Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables

Collaborate with development, infrastructure, and security teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security

Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups

Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements

Qualification

Penetration testingManual testingSecurity assessment methodologiesCloud platformsVulnerability identificationTechnical reportingCybersecurity knowledgeSource code reviewsReverse engineeringRelevant certificationsCommunication skillsOrganizational skillsContinuous learningMentoring

Required

5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements

Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile applications (android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.)

Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards

Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable recommendations for remediation

Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders

Experience conducting peer reviews of penetration test reports and mentoring junior testers

Continuous learner who keeps up with the latest offensive security trends, tools, and techniques

Preferred

Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks

Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems

Experience conducting security-focused source code reviews (e.g., Python, Java, Rust)

Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities

Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP

Benefits

Comprehensive health care coverage

On-site health and wellness centers

A retirement savings plan

Backup childcare

Tuition reimbursement

Mental health support

Financial coaching

Company

Chase

Glassdoor3.9

Chase provides broad range of financial services. It is a sub-organization of JP Morgan Chase.

Founded in 2000

New York, New York, USA

10001+ employees

https://www.chase.com/

Funding

Current Stage

Late Stage

Leadership Team

Mike McDonnell

Managing Director, Head of Chase Travel Platform Product

Nicole Sanchez

Managing Director, Consumer Bank, GM and Product Executive, Growth Financial Products

Recent News

Android Headlines

Xfinity Tops the List of Most Frustrating Companies, Shocking Absolutely No One

2026-01-24

AL.com

Bank opens Mountain Brook location as company continues Alabama expansion

2026-01-22

Small Business Trends

Chase to Take Over Apple Card Issuance in Major Partnership Shift

2026-01-18

Company data provided by crunchbase