Offensive Security Specialist | Cyber Security Jobs London, United Kingdom

Full time Permanent in Cyber Security Analyst Email Job
  • Share:

Job Detail

  • Offered Salary 1000
  • Experience 3 Years
  • Gender Male
  • Industry software-and-internet-services
  • Qualifications networks-and-security

Job Description

Full Job Description

About the Organization:

Security Assurance (SA) organization ensures JPMC’s most systemic security risks are identified, understood, reported, and clearly connected to our existing controls, new business initiatives and the evolving technology landscape. Through continuous data gathering and technical assessments, identify and measure systemic risk across the firm to drive control uplift requirements where needed and ensure secure architectural patterns are useable, modern and implemented.

Controls Threat Assessments (CTA) team is an integral part of the SA organization. CTA team partners with Blue team, Threat Intelligence and product/engineering teams to develop and run a program to continuously test firm’s defensive controls based on prioritized threats to the company. Results from CTA exercise help in enhancement, maintenance and governance of firm’s defense controls.

Offensive Security Specialist:

As a Offensive Security Specialist within the CTA team, you will be hands-on in conducting threat-driven assessments for JPMC’s technical controls to objectively measure our ability to prevent and detect consequential attack patterns. You will partner with the Blue team, Cyber Intelligence, Threat Modeling, Breach and Attack Simulation teams to understand our attack surface, coverage of controls, monitoring rules and use prioritized TTPs to systematically test controls against real-world threat actor techniques. This team requires thinking like an attacker while understand the various capabilities and limitations of defensive technologies. The CTA team does not perform red teaming, blue teaming, threat hunting, penetration testing or vulnerability assessments but uses similar tools and techniques to evaluate the efficacy of controls against prioritized threats. You will be working with some of the best experts in the industry and faced with complex problem-solving opportunities, causing you to develop new skills as you progress through your career.


  • Test key threat scenarios against the firm’s defense system using prioritized adversarial Tactics, Techniques and Procedures.
  • Define the attack surface and map controls that help defend it
  • Work closely with Cyber Operations to perform deep-dive technical controls effectiveness testing using both manual and automated means
  • Partner with the Breach and Attack Simulation team to create new actions/sequences/monitors to test controls, identify where a control cannot be tested due to context, environment issues, tooling limitations etc, write new bespoke actions based on research into new techniques
  • Work with product security and other security partners to align remediation efforts that best protect the firm
  • Collaborate with product and engineering teams to feed evidence for tracking/visualization, help mature products based on testing outcomes and industry advances
  • Develop, maintain and improve documentation and processes to ensure robust resilience and auditability


  • Bachelor’s degree in Computer Science/Information Technology related field
  • Solid experience working in offensive/defensive security teams like Pentest, Redteam or Blue team
  • Foundational knowledge of cybersecurity organization practices, operations, risk management processes, principles, architectural requirements, engineering and threats and vulnerabilities
  • Ability to collaborate with high-performing Agile teams and individuals throughout the firm to accomplish goals
  • Ability to analyze vulnerabilities, threats, designs, procedures and architectural design, producing reports and sharing intelligence
  • Thorough knowledge of network protocols
  • Good understanding of security architecture and controls
  • Solid understanding of MITRE ATT&CK framework
  • Proficient in at least one programming language (e.g. Python) to facilitate technical testing
  • Experience with usage of SIEM tools is beneficial
  • Well recognized advanced offensive/defensive security certifications from reputed bodies like SANS, Offsec and CREST would be an added advantage
  • Adept at explaining technical jargon to non-technical parties
  • Excellent report writing and presentation skills
  • Willingness to learn and drive to excel is a must

JPMorgan Chase & Co., one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.

The health and safety of our colleagues, candidates, clients and communities has been a top priority in light of the COVID-19 pandemic. JPMorgan Chase was awarded the “WELL Health-Safety Rating” for all of our 6,200 locations globally based on our operational policies, maintenance protocols, stakeholder engagement and emergency plans to address a post-COVID-19 environment.

As a part of our commitment to health and safety, we have implemented various COVID-related health and safety requirements for our workforce. Employees are expected to follow the Firm’s current COVID-19 or other infectious disease health and safety requirements, including local requirements. Requirements include sharing information including your vaccine card in the firm’s vaccine record tool, and may include mask wearing. Requirements may change in the future with the evolving public health landscape. JPMorgan Chase will consider accommodation requests as required by applicable law.

Equal Opportunity Employer/Disability/Veterans

Other jobs you may like