Senior Red Team Operator - Cloud Specialty

Location: LONDON, United Kingdom

Job Family: Cybersecurity Operations

About the Role

JPMC’s Assurance Operations organization is at the forefront of safeguarding one of the world's largest financial institutions against evolving cyber threats. We are seeking a Senior Red Team Operator - Cloud Specialty to join our elite Cybersecurity Red Team in London, United Kingdom. In this critical role, you will simulate sophisticated attacks on our cloud-based financial systems to uncover weaknesses before malicious actors can exploit them. As a key player in our global operations, you will contribute to maintaining the integrity, confidentiality, and availability of sensitive banking data, ensuring compliance with stringent regulations like GDPR and PCI-DSS that define the financial services industry. Your primary focus will be on advanced red team engagements targeting cloud platforms such as AWS, Azure, and GCP, which power JP Morgan Chase's innovative trading, lending, and asset management services. You will design and execute realistic attack scenarios, from initial reconnaissance to privilege escalation and lateral movement, all while adhering to ethical guidelines and internal policies. Collaborating closely with our blue teams and assurance partners, you will provide actionable insights that strengthen our defenses, ultimately protecting client assets and enabling secure digital transformation in the competitive financial landscape. This position offers the opportunity to work in a dynamic, high-impact environment where your expertise directly influences JPMC's cybersecurity posture. We value professionals who thrive on intellectual challenges, possess a passion for offensive security, and are committed to the highest standards of integrity in financial services. Join us to advance your career while contributing to the resilience of global finance.

Key Responsibilities

• Conduct advanced red team simulations targeting cloud infrastructure to identify vulnerabilities in JP Morgan Chase's financial systems
• Develop and execute sophisticated attack scenarios mimicking real-world threats to banking operations
• Collaborate with blue teams and assurance operations to enhance defensive postures in cloud environments
• Perform penetration testing on AWS, Azure, and GCP platforms used by JPMC's global financial services
• Document findings in detailed reports, including remediation recommendations aligned with regulatory standards
• Stay abreast of emerging cloud security threats and adapt red team tactics accordingly
• Mentor junior operators and contribute to the evolution of JPMC's Cybersecurity Red Team strategies
• Ensure all operations comply with financial industry regulations and internal JPMC policies
• Integrate red team insights into broader cybersecurity training programs for JPMC employees

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Minimum of 5 years of experience in red teaming, penetration testing, or offensive security operations
• Proven expertise in cloud security assessments, including AWS, Azure, and GCP environments
• Strong understanding of financial services regulations such as GDPR, PCI-DSS, and SOX compliance
• Experience with threat modeling and simulating advanced persistent threats (APTs) in enterprise settings
• Relevant certifications such as OSCP, OSCE, CREST CRT, or GIAC GPEN
• Ability to obtain and maintain necessary security clearances for handling sensitive financial data

Preferred Qualifications

• Advanced degree in Cybersecurity or related field
• Experience in red team operations within the banking or financial services sector
• Familiarity with JP Morgan Chase's internal security tools and frameworks
• Knowledge of hybrid cloud architectures and multi-cloud security challenges
• Prior leadership experience in mentoring junior red team members

Required Skills

• Expertise in cloud penetration testing tools like Pacu, CloudMapper, and Scout Suite
• Proficiency in scripting languages such as Python, Bash, and PowerShell for automation
• Deep knowledge of cloud security misconfigurations and identity access management (IAM)
• Experience with adversary emulation frameworks like MITRE ATT&CK for cloud
• Strong analytical skills for dissecting complex financial system architectures
• Excellent communication skills for reporting to executive stakeholders in banking
• Ability to work under pressure in high-stakes simulations impacting financial operations
• Familiarity with SIEM tools and log analysis in cloud environments
• Understanding of encryption standards and secure coding practices in finance
• Team collaboration skills for cross-functional cybersecurity initiatives
• Adaptability to evolving threats in the financial services landscape
• Proficiency in vulnerability assessment tools like Nessus or OpenVAS
• Knowledge of container security (Docker, Kubernetes) in cloud setups
• Problem-solving mindset for innovative attack vector development
• Ethical hacking principles with a focus on regulatory compliance

Benefits

• Competitive base salary and performance-based annual bonuses
• Comprehensive health, dental, and vision insurance coverage
• Generous retirement savings plan with company matching contributions
• Paid time off including vacation, sick leave, and parental leave
• Professional development opportunities with tuition reimbursement for certifications
• Employee wellness programs and gym membership discounts
• Flexible hybrid work arrangements in London with relocation support if applicable
• Access to JPMC's global employee stock purchase plan

JP Morgan Chase is an equal opportunity employer.