Business Process Red Team Operator
Company: JPMorganChase
Location: Wilmington
Posted on: April 1, 2026
|
|
|
Job Description:
Description Contribute to leading-edge security and resilience
efforts, advancing protective strategies and propelling continuous
improvement. As an Assessments & Exercises Vice President in the
Cybersecurity and Technology Controls line of business, you will
contribute significantly to enhancing the firm's cybersecurity or
resiliency posture by using industry-standard assessment
methodologies and techniques to proactively identify risks and
vulnerabilities in people, processes, and technology. Design and
deploy risk-driven tests and simulations (or manage a highly
skilled team that does) and inform analysis to clearly outline
root-causes. In this role, you will evaluate preventative controls,
incident response processes, and detection capabilities, and advise
cross-functional teams on security strategy and risk management.
JPMC’s Assurance Operations organization is looking to expand its
Cybersecurity Red Team with an experienced Business Process Red
Team Operator specialized in social engineering and assessments of
critical business processes such as payment operations, fraud, and
supplier management. The primary focus of this role will be to
perform and manage hands-on offensive security activities
leveraging social engineering skillsets as part of Red Team
engagements against critical JPMC assets. The successful candidate
will have a proven track record in cybersecurity assessments, to
include social engineering operations like phishing and vishing,
and will be able to demonstrate a general knowledge of computer
networking fundamentals, modern threats and vulnerabilities, attack
methodologies, and penetration testing tools. The Cybersecurity Red
Team consists of highly skilled and qualified members who conduct
advanced adversary emulation operations to replicate cybersecurity
threats targeting the firm. This position is anticipated to require
the use of one or more High Risk Role (HRR) systems, which mandates
successful completion of enhanced screening, including criminal and
credit background checks, before starting employment and annually
thereafter. Job responsibilities Perform and manage hands-on
offensive security activities leveraging social engineering
skillsets as part of Red Team engagements against critical JPMC
assets Conduct business process assessments to include tabletop or
workshop sessions, live testing of business process controls by
technical and social engineering attacks, and preparation of
deliverables for senior stakeholders Design and execute testing and
simulations – such as penetration tests, technical controls
assessments, cyber exercises, or resiliency simulations, and
contribute to the development and refinement of assessment
methodologies, tools, and frameworks to ensure alignment with the
firm’s strategy and compliance with regulatory requirements
Evaluate controls for effectiveness and impact on operational risk,
as well as opportunities to automate control evaluation Collaborate
closely with cross-functional teams to develop comprehensive
assessment reports – including detailed findings, risk assessments,
and remediation recommendations – making data-driven decisions that
encourage continuous improvement Utilize threat intelligence and
security research to stay informed about emerging threats,
vulnerabilities, industry best practices, and regulations. Apply
this knowledge to enhance the firm's assessment strategy and risk
management. Engage with peers and industry groups that share threat
intelligence analytics Required qualifications, capabilities, and
skills 5 years of experience in cybersecurity or resiliency, with
demonstrated exceptional organizational skills to plan, design, and
coordinate the development of offensive security testing,
assessments, or simulation exercises Knowledge of US financial
services sector cybersecurity or resiliency organization practices,
operations risk management processes, principles, regulations,
threats, risks, and incident response methodologies Ability to
identify systemic security or resiliency issues as they relate to
threats, vulnerabilities, or risks, with a focus on recommendations
for enhancements or remediation, and proficiency in multiple
security assessment methodologies (e.g., Open Worldwide Application
Security Project (OWASP) Top Ten, National Institute of Standards
and Technology (NIST) Cybersecurity Framework), offensive testing
tools, or resiliency testing equivalents Excellent communication,
collaboration, and report writing skills, with the ability to
influence and engage stakeholders across various functions and
levels Candidate should have the ability to perform targeted,
covert security tests with vulnerability identification,
exploitation, and post-exploitation activities Strong understanding
of the following: Networking fundamentals (all OSI layers,
protocols); Windows/ Linux/Unix/Mac operating systems as well as
software vulnerability and exploitation techniques; commercial or
open-source offensive security tools for reconnaissance, scanning,
exploitation, and post-exploitation (e.g. Cobalt Strike,
Metasploit, Nmap, Nessus, Burp Suite) Familiarity with AI/ML
technologies and tools and operationalizing their use in Red
Teaming (e.g., developing video and audio deepfakes, etc.), as well
as with system administration skills such as configuration,
maintenance, and interpretation of log output from networking
devices, operating systems, and infrastructure services and with
cloud architecture, operations, and security vulnerabilities
Ability to collaborate with high-performing teams and individuals
throughout the firm to accomplish common goals Broad experience in
multiple businesses or verticals, with organizational and cultural
understanding of call centers, payments processes, client
service/sales organizations, and operational support staff The
ability to articulate and visually present complex technical and
fraud subject matter to a wide and senior audience Ability to
analyze and produce reports about cybersecurity and fraud
vulnerabilities, threats, designs, and procedures Preferred
qualifications, capabilities, and skills Social engineering
background (or intelligence, law enforcement, or similar
experience) Experience in fraud detection and prevention, with a
proven track record in identifying, analyzing, and mitigating fraud
risks within financial systems or similar environments.
Understanding of relevant regulations and compliance requirements
related to fraud prevention, such as AML (Anti-Money Laundering)
and KYC (Know Your Customer) standards Relevant certifications such
as those offered by Offensive Security (OSCP, OSEP), CREST
(Certified Simulated Attack Specialist), SANS (GPEN, GWAPT),
fraud-specific certifications such as Certified Fraud Examiner or
Certified Anti-Money Laundering Specialist (CAMS) Technical
knowledge such as: developing in-house scripting; using interpreted
languages (such as Ruby, Python, or Perl) and compiled languages
(such as C, C++, C#, or Java); understanding security tools or
technology such as firewalls, IDS/IPS, web proxies, and DLP
Information Security experience in two or more of the following
verticals: fraud operations, threat modeling, network/application
security testing, social engineering, Red Team operations, and
network exploitation operations Ability to support and grow
skillsets for Cybersecurity Red Team operations CTC
Keywords: JPMorganChase, Jacksonville , Business Process Red Team Operator, IT / Software / Systems , Wilmington, North Carolina
