Talent.com
Assessments & Exercises Lead - Penetration Testing

Assessments & Exercises Lead - Penetration Testing

ConfidentialHyderabad / Secunderabad, Telangana, India
12 days ago
Job description

Job Description

As an Assessments & Exercises Lead in the Cyber and Tech Controls line of business, you will contribute significantly to enhancing the firm's cybersecurity posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations (or manage a highly-skilled team that does) and inform analysis to clearly outline root-causes. In this role, you will evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.

Job Responsibilities

  • Design and execute testing and simulations – such as penetration tests, adversary emulation assessments, collaborative technical controls assessments, and cyber exercises, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm's strategy and compliance with regulatory requirements
  • Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
  • Collaborate closely with cross-functional teams to develop comprehensive assessment reports – including detailed findings, risk assessments, and remediation recommendations – making data-driven decisions that encourage continuous improvement
  • Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy and risk management. Engage with peers and industry groups that share threat intelligence analytics

Required Qualifications, Capabilities, And Skills

  • 5+ years of experience in cybersecurity, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises
  • Knowledge of US financial services sector cybersecurity organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
  • Ability to identify systemic security issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework) and offensive security testing tools
  • Excellent communication, collaboration, and report writing skills, with the ability to document and explain complex technical details in a concise, understandable manner to individuals with a variety of both technical and non-technical backgrounds
  • Strong understanding of the following : Windows / Linux / Unix / Mac operating systems; OS and software vulnerability and exploitation techniques; commercial or open-source offensive security tools for reconnaissance, scanning, exploitation, and post exploitation (e.g. Cobalt Strike, Metasploit, Burp Suite); networking fundamentals (all OSI layers, protocols); Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) providers in both private and public (AWS, Azure) environments; DevOps; incident response; threat hunting; and familiarity with interpreting log output from networking devices, operating systems, and infrastructure services
  • Manual penetration testing and assessments experience (beyond running automated tools) against a wide variety of applications including web, mobile, and thick clients, internal and external facing infrastructures

    • Preferred Qualifications, Capabilities, And Skills

  • Hold relevant industry certifications – such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or those offered by Offensive Security (OSCP, OSEP, OSED, OSEE, OSCE), CREST (Certified Simulated Attack Specialist, Registered Penetration Tester, Certified Infrastructure Tester), or SANS (GPEN, GXPN, GWAPT) – showcasing advanced expertise in cybersecurity and offensive testing methodologies
  • Technical knowledge or experience developing proof of concept exploits and in house scripting, using interpreted languages such as Python, Ruby, or Perl, compiled languages such as C, C++, C#, or Java, and security tools or technology such as Firewalls, IDS / IPS, Web Proxies, DLP
  • Intelligence Community / Security Services background, knowledge of malware packing, obfuscation, persistence, exfiltration techniques, and understanding of financial sector or other large security and IT infrastructures
  • Experience querying log sources within large centralized logging platforms, e.g. Splunk, Elastic, Cloudera

    • ABOUT US

    JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.

    We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.

    About The Team

    The Cybersecurity & Technology Controls group at JPMorganChase aligns the firm's cybersecurity, access management, controls and resiliency teams. The group proactively and strategically partners with all lines of business and functions to enable them to design, adopt and integrate appropriate controls; deliver processes and solutions efficiently and consistently; and drive automation of controls. The group's number one priority is to enable the business by keeping the firm safe, stable and resilient.

    High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

    Skills Required

    Risk Management, Metasploit, Devops, Burp Suite, Threat Intelligence, Penetration Testing, Azure, Aws

    Create a job alert for this search

    Testing Lead Testing • Hyderabad / Secunderabad, Telangana, India

    Related jobs
    • Promoted
    Performance Test Lead

    Performance Test Lead

    QualiZealhyderabad, telangana, in
    QualiZeal is North America's Fastest-growing Independent Digital Quality Engineering Services company with a global headcount of 800+ Software Quality and Development Engineers.Trusted by 40+ globa...Show moreLast updated: 30+ days ago
    • Promoted
    Performance Test Lead

    Performance Test Lead

    ConfidentialHyderabad / Secunderabad, Telangana
    Lead performance testing activities ensuring quality and timely delivery.Design, develop, and execute performance test scripts using LoadRunner and JMeter. Analyze test results and provide actionabl...Show moreLast updated: 30+ days ago
    • Promoted
    Identity and Access Management Tester

    Identity and Access Management Tester

    HCLTechHyderabad, Republic Of India, IN
    Must have 8+ years of experience in Manual / Function Testing.Having extensive experience in IAM and Sailpoint application testing. Experience in Troubleshooting and root cause analysis within the I...Show moreLast updated: 8 days ago
    • Promoted
    Application Performance Test Lead

    Application Performance Test Lead

    USTHyderabad, Republic Of India, IN
    Must have - 5+ years of experience in performance testing with LoadRunner.Must have - Proficiency in Dynatrace for application performance monitoring and diagnostics. Must have - Hands-on experience...Show moreLast updated: 8 days ago
    • Promoted
    Performance Tester

    Performance Tester

    Zemoso TechnologiesHyderabad, Telangana, India
    Hyderabad / Bengaluru / Pune / Mumbai — Hybrid.Develop and maintain performance and load testing scripts using Load Runner and J. Use Grafana and Dynatrace to perform runtime profiling to identify b...Show moreLast updated: 2 days ago
    • Promoted
    Senior User Acceptance Tester [T500-20556]

    Senior User Acceptance Tester [T500-20556]

    Delta Air Lineshyderabad, telangana, in
    Delta Air Lines (NYSE : DAL) is the U.Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining our reputation for award-...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Manager - Digital Quality User Acceptance & Accessibility Testing [T500-21432]

    Manager - Digital Quality User Acceptance & Accessibility Testing [T500-21432]

    Delta Air Linessecunderabad, telangana, in
    Delta Air Lines (NYSE : DAL) is the U.Powered by our employees around the world, Delta has for a decade led the airline industry in operational excellence while maintaining our reputation for award-...Show moreLast updated: 9 hours ago
    • Promoted
    Performance Test Automation Lead

    Performance Test Automation Lead

    USTHyderabad, Republic Of India, IN
    Must have - 5+ years of experience in performance testing with LoadRunner.Must have - Proficiency in Dynatrace for application performance monitoring and diagnostics. Must have - Hands-on experience...Show moreLast updated: 8 days ago
    • Promoted
    Test Lead - Life Insurance

    Test Lead - Life Insurance

    QualityKiosk Technologieshyderabad, telangana, in
    The incumbent is responsible for managing & leading the testing engagement for assigned projects within.The key responsibilities include designing the testing strategy with the Test Manager, alloca...Show moreLast updated: 8 days ago
    • Promoted
    Performance and Scalability Test Lead

    Performance and Scalability Test Lead

    QualiZealHyderabad, Republic Of India, IN
    QualiZeal is North America's Fastest-growing Independent Digital Quality Engineering Services company with a global headcount of 800+ Software Quality and Development Engineers.Trusted by 40+ globa...Show moreLast updated: 30+ days ago
    • Promoted
    Test Lead

    Test Lead

    IndiumHyderabad, IN
    We are looking for a 10+ years skilled Senior Test Lead with strong expertise in.Should be capable of translating business requirements into effective test scenarios, collaborating closely with sta...Show moreLast updated: 8 days ago
    • Promoted
    Performance Test Lead

    Performance Test Lead

    USThyderabad, telangana, in
    Must have - 5+ years of experience in performance testing with LoadRunner.Must have - Proficiency in Dynatrace for application performance monitoring and diagnostics. Must have - Hands-on experience...Show moreLast updated: 8 days ago
    • Promoted
    Test Lead - Life Insurance Domain

    Test Lead - Life Insurance Domain

    QualityKiosk Technologieshyderabad, telangana, in
    We are seeking a highly skilled and experienced.The ideal candidate will be responsible for leading testing efforts across projects, ensuring quality delivery, and driving continuous improvement in...Show moreLast updated: 8 days ago
    • Promoted
    Performance Test Engineering Lead

    Performance Test Engineering Lead

    QualiZealHyderabad, Republic Of India, IN
    QualiZeal is North America's Fastest-growing Independent Digital Quality Engineering Services company with a global headcount of 800+ Software Quality and Development Engineers.Trusted by 40+ globa...Show moreLast updated: 30+ days ago
    • Promoted
    • New!
    Accessibility Testing

    Accessibility Testing

    QualiZealHyderabad, IN
    We are seeking a highly skilled Accessibility Test Lead to join our team and champion accessibility initiatives across our digital products and services. As an Accessibility Test Lead, you will be r...Show moreLast updated: 16 hours ago
    • Promoted
    Performance Testing

    Performance Testing

    GC Technologies Pvt LtdHyderabad, IN
    Infosys Limited Virtual Drive on 22nd Nov 2025 : .Pune / BLR / Gurgaon / Noida / CHN / HYD / TVM.Serving or not working only can apply. Stick to budget and check documents PF, UAN, payslip availability, no cash...Show moreLast updated: 2 days ago
    • Promoted
    Performance Test Lead

    Performance Test Lead

    Tata Consultancy Serviceshyderabad, telangana, in
    Experience : 9 years to 14 years.Location : Kolkata , Hyderabad, Bhubaneswar, Bangalore.Interested candidates can send their resume on below mail ID along with below details-.Education or career gap ...Show moreLast updated: 3 days ago
    • Promoted
    Penetration Testing and Red Teaming Manager

    Penetration Testing and Red Teaming Manager

    NopalCyberHyderabad, Republic Of India, IN
    NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface ma...Show moreLast updated: 17 days ago