JP Morgan Chase & Co.

X-Day Offensive Research (XOR) Vulnerability Researcher

JP Morgan Chase & Co.$120K — $150K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in cybersecurity or resiliency with strong organizational skills.
  • Proven track record of discovered vulnerabilities (CVEs) in various technology categories.
  • Hands-on experience in vulnerability research and proof-of-concept exploit development.
  • Expertise in advanced analysis frameworks for complex software vulnerabilities.
  • Strong knowledge of at least two operating systems internals (Windows/Linux/Mac/iOS/Android).
  • Extensive experience in reverse engineering x86/x64 and ARM binaries.
  • Excellent communication and collaboration skills.

Responsibilities

  • Design and execute penetration tests and cyber exercises.
  • Evaluate controls for effectiveness and explore automation opportunities.
  • Conduct in-depth vulnerability research across diverse technology categories.
  • Reverse engineer binaries to uncover novel attack surfaces.
  • Perform N-day vulnerability analysis and exploit validation.
  • Document research findings and develop technical workflows for knowledge sharing.
  • Leverage threat intelligence to enhance assessment strategies.

Benefits

  • Work in a highly collaborative and research-driven environment.
  • Opportunities for professional development and continuous learning.
  • Engage in cutting-edge vulnerability research and exploit development.
  • Contribute to improving the cybersecurity posture of a major financial institution.
Full Job Description
JOB DESCRIPTION

As an X-Day Offensive Research (XOR) Vulnerability Researcher - Assessments & Exercises at JPMorganChase in the Cybersecurity & Technology Controls line of business, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. In this role, you will design and deploy risk-driven assessments (or manage a highly-skilled team that does) and inform analysis to clearly outline root causes.

We are seeking a dedicated, self-motivated vulnerability researcher to tackle the complex demands of our mission. Working closely with fellow researchers and defense teams, you will investigate challenging targets, uncover novel attack surfaces, and develop innovative solutions that enhance our security posture. The ideal candidate combines deep technical curiosity with a strong background in reverse engineering, static analysis, and dynamic analysis, and thrives in a highly collaborative, research-driven environment.

Job responsibilities

  • Design and execute testing and simulations 6 such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations 6 and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm9;s strategy and compliance with regulatory requirements.
  • Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation.
  • Conduct in-depth vulnerability research and exploit development across a broad range of categories, including operating systems, mobile devices, web applications, browsers, edge devices, and enterprise software.
  • Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel attack surfaces and develop proof-of-concept exploits.
  • Use common vulnerability research toolsets such as fuzzers, disassemblers, debuggers, and code browsers for static and dynamic analysis.
  • Perform N-day vulnerability analysis, patch diffing, and proof-of-concept exploit validation.
  • Collaborate with cross-functional teams to develop comprehensive reports 6 including detailed findings, risk assessments, and remediation recommendations 6 supporting vulnerability triage, patch prioritization, and the sharing of indicators of compromise (IOCs) in service of the firm's mission requirements.
  • Leverage threat intelligence and security research to stay ahead of emerging threats, vulnerabilities, industry best practices, and regulations, applying this knowledge to enhance the firm's assessment strategy and risk management, and engaging with peers and industry groups that share threat intelligence analytics.
  • Document research findings, proof-of-concepts, and technical workflows to enable knowledge sharing and repeatability.

Required qualifications, capabilities, and skills

  • 5+ years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises.
  • Track record of discovered vulnerabilities (CVEs) in high-profile targets in at least one of the following categories: operating systems, mobile devices, web applications, browsers, edge devices, or enterprise software.
  • Proven hands-on experience in vulnerability research, proof-of-concept exploit development, coordinated vulnerability disclosure, and mitigating security vulnerabilities in open-source projects.
  • Expertise in advanced analysis frameworks leveraging symbolic execution techniques and dynamic binary instrumentation to identify, triage, and exploit complex software vulnerabilities.
  • Hands-on proficiency exploiting complex vulnerability classes 6 including use-after-free, double free, type confusion 6 and applying advanced exploitation techniques such as heap spraying and controlled memory corruption to achieve reliable code execution.
  • Strong understanding of the internals of at least two operating systems throughout user mode and kernel mode (Microsoft Windows, GNU/Linux, Android, macOS, or iOS).
  • Experience auditing large C/C++, Java, and .NET codebases combining automated static analyzers with manual review to trace data and control flow, uncover memory-safety, injection, and deserialization vulnerabilities and produce proof-of-concept code.
  • Extensive reverse engineering expertise on x86/x64 and ARM/ARM64 binaries, employing IDA Pro, Ghidra, Binary Ninja, WinDbg, GDB, and RR for deep static/dynamic analysis and root cause vulnerability discovery.
  • Knowledge of US financial services sector cybersecurity or resiliency organization practices, operational risk management processes, principles, regulations, threats, risks, and incident response methodologies.
  • Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents.
  • Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels.

Preferred qualifications, capabilities, and skills

  • Bachelor9s degree in computer science, or PhD in a related technical field, or an equivalent combination of education and/or experience in a related field.
  • 5+ years of experience in vulnerability research and exploit development.
  • Experience using fuzzing tools such as LibFuzzer, LibAFL, AFL++, OSS-Fuzz, and Syzkaller.
  • Experience using program analysis tools such as LLVM, Angr, KLEE, Intel Pin, DynamoRIO, and Frida.
  • Experience emulating embedded platforms for live debugging.
  • Experience with kernel and low-level operating system development.
  • Deep Linux internals knowledge (SELinux, AppArmor, Seccomp, eBPF, containers, VMs).
  • Deep Windows internals knowledge (KASLR, DSE, SSDT, IDT, SMEP, SMAP, PXN, KPP, KDP, VBS, HVCI, KMCI, UMCI).

#CTC

About JP Morgan Chase & Co.

JP Morgan Chase & Co. stands at the forefront of the global financial services industry. They offer an expansive array of products and services to a diverse clientele, including individuals, corporations, governments, and institutions. Ever since the merger of J.P. Morgan & Co. and Chase Manhattan Corporation in 2000, this industry-leading entity has become renowned for its comprehensive portfolio encompassing consumer and community banking, corporate and investment banking, commercial banking, as well as asset and wealth management. Headquartered in the vibrant city of New York, JP Morgan Chase & Co. boasts a formidable presence across over 100 countries worldwide.

Unveiling Employment Opportunities at JP Morgan Chase & Co.

Vacancies and Hiring Initiatives

JP Morgan Chase & Co. is continuously on the lookout for talented individuals eager to contribute to its legacy of excellence. The company's recruitment efforts are geared towards identifying candidates with the right blend of skills and qualifications to drive forward its various business segments. Whether you are a seasoned professional or a recent graduate, JP Morgan Chase offers a plethora of job openings across multiple disciplines.

High-Demand Positions

Among the myriad of roles, certain positions stand out for their attractive compensation packages and career advancement prospects. Notably, high-paying jobs at JP Morgan Chase & Co. include Relationship Manager, Branch Manager, and Software Engineer. These roles are critical to the firm's operations and offer lucrative opportunities for those with the requisite expertise.

Navigating the Job Market at JP Morgan Chase & Co.

Leveraging Job Portals and Job Alerts

For job seekers aiming to tap into the opportunities at JP Morgan Chase, staying updated through job portals and subscribing to job alerts is crucial. These tools can provide timely information about job openings, job fairs, and recruitment events, enabling candidates to apply promptly and prepare adequately for interviews.

Preparing Your Job Application

Your job application, comprising your resume and cover letter, is your ticket to securing an interview at JP Morgan Chase. Highlight your qualifications, skills, and experiences that align with the job listing, ensuring you stand out in the competitive job market.

Acing the Interview

Preparation is key to succeeding in your interview with JP Morgan Chase. Familiarize yourself with the company's business segments, values, and recent achievements. Demonstrating how your background and aspirations match the company's goals can significantly increase your chances of employment. A World of Job Opportunites in the Financial Services Industry JP Morgan Chase & Co. offers a world of job opportunities for those seeking to make their mark in the financial services industry. With competitive salaries, comprehensive benefits, and endless possibilities for growth, positions at JP Morgan Chase are highly coveted. By staying informed through job sites, tailoring your applications, and preparing thoroughly for interviews, you can enhance your prospects of joining the esteemed ranks of JP Morgan Chase employees. Explore the job board, seize the job opportunities, and embark on a rewarding career journey with one of the world's leading financial institutions.
Learn more about JP Morgan Chase & Co.
Size
661 employees
Market Cap
$384.5 billion
Industry
Net Income
$29.1 billion
Founded
1823
5 Year Trend
+0.7%
Revenue
$261.5 million
NASDAQ

Similar Jobs

More Jobs at JP Morgan Chase & Co.

More Finance & Insurance Jobs

Find similar X-Day Offensive Research (XOR) Vulnerability Researcher jobs: