Vulnerability Researcher - Assessments & Exercises

Location: Wilmington, DE, United States

Job Family: Cybersecurity Operations

About the Role

At JP Morgan Chase, we are at the forefront of financial services innovation, and our Cybersecurity Operations team plays a pivotal role in safeguarding our global operations against evolving threats. As a Vulnerability Researcher - Assessments & Exercises in Wilmington, DE, you will contribute to leading-edge security and resilience efforts by identifying vulnerabilities in our banking systems, payment platforms, and digital assets. This role involves advancing protective strategies through rigorous assessments and simulated exercises, ensuring our financial infrastructure remains robust against cyber risks. You will work within a dynamic team dedicated to propelling continuous improvement, collaborating with engineers, analysts, and compliance experts to fortify JP Morgan Chase's position as a trusted leader in the industry. Your primary focus will be on conducting in-depth vulnerability research tailored to the financial services landscape, including threats to trading systems, customer data protection, and regulatory compliance. You will design and execute penetration tests and red team exercises to uncover weaknesses, analyze results using advanced tools, and propose actionable remediation plans that align with standards like PCI-DSS and SOX. By simulating sophisticated attacks, you will help build resilience across our hybrid cloud environments and legacy banking applications, contributing directly to the security posture that protects millions of clients worldwide. This position offers the opportunity to grow within one of the world's largest financial institutions, where your expertise in cybersecurity will drive meaningful impact. Join us to innovate in a collaborative culture that values ethical hacking, continuous learning, and teamwork, all while enjoying the stability and resources of JP Morgan Chase.

Key Responsibilities

• Conduct thorough vulnerability assessments and penetration testing on JP Morgan Chase's financial systems and applications
• Develop and execute security exercises to simulate real-world threats in the banking environment
• Analyze findings from assessments to recommend remediation strategies that enhance resilience
• Collaborate with cross-functional teams to integrate security best practices into software development lifecycles
• Research emerging vulnerabilities and threats specific to financial services, including payment systems and trading platforms
• Document and report on assessment results, ensuring compliance with internal policies and regulatory standards
• Contribute to the continuous improvement of protective strategies for JP Morgan Chase's global operations
• Mentor junior team members on vulnerability research techniques and tools
• Participate in incident response planning and tabletop exercises for cybersecurity resilience

Required Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field
• Minimum of 3-5 years of experience in vulnerability research, penetration testing, or cybersecurity assessments
• Proven track record in identifying and analyzing vulnerabilities in complex financial systems
• Familiarity with regulatory requirements such as PCI-DSS, SOX, and GDPR in the financial services sector
• Experience with vulnerability scanning tools and methodologies in a high-stakes environment
• Strong understanding of secure coding practices and threat modeling for banking applications
• Ability to obtain necessary security clearances or certifications (e.g., CompTIA Security+, CEH)

Preferred Qualifications

• Advanced degree (Master's or PhD) in Cybersecurity or related discipline
• Experience in red teaming or blue team exercises within a financial institution
• Certifications such as OSCP, CISSP, or GIAC in vulnerability assessment
• Knowledge of blockchain, fintech innovations, and emerging threats in digital banking
• Prior work at a major financial services firm like JP Morgan Chase or similar

Required Skills

• Proficiency in vulnerability scanning tools like Nessus, OpenVAS, or Qualys
• Expertise in penetration testing frameworks such as OWASP and MITRE ATT&CK
• Strong scripting skills in Python, Bash, or PowerShell for automation
• Knowledge of network protocols, firewalls, and intrusion detection systems
• Experience with cloud security in AWS, Azure, or GCP environments
• Analytical problem-solving and attention to detail
• Excellent communication skills for technical reporting and stakeholder presentations
• Understanding of financial regulations and compliance frameworks
• Ability to work collaboratively in agile teams
• Familiarity with SIEM tools like Splunk or ELK Stack
• Research skills for staying updated on cybersecurity trends
• Time management in high-pressure, deadline-driven projects
• Ethical hacking and secure development practices
• Data analysis for threat intelligence in banking contexts

Benefits

• Competitive base salary and performance-based annual bonuses
• Comprehensive health, dental, and vision insurance plans
• 401(k) retirement savings plan with generous company matching
• Paid time off including vacation, sick days, and parental leave
• Professional development opportunities with tuition reimbursement and certification support
• Employee stock purchase plan and financial wellness programs
• On-site fitness centers and wellness initiatives at JP Morgan Chase locations
• Flexible work arrangements and hybrid options in Wilmington, DE

JP Morgan Chase is an equal opportunity employer.