<p>JobID: 210692981</p> <p>Category: Cybersecurity Operations</p> <p>JobSchedule: Full time</p> <p>Posted Date: 2025-12-16T21:28:07+00:00</p> <p>JobShift:</p> <p>Base Pay/Salary: Washington,DC $152,000.00-$260,000.00; Chicago,IL $133,000.00-$225,000.00</p> <p>Drive the security of critical banking applications and platforms through hands-on offensive testing.</p> <p>As an Assessments & Exercises Vice President in the Cybersecurity and Technology Controls organization, you will play a key role in safeguarding the firm's most vital assets. Your primary responsibility will be to plan, execute, and report on penetration tests targeting high-impact applications, platforms, and services. Leveraging industry-standard methodologies and advanced techniques, you will proactively identify vulnerabilities, collaborate with application owners to understand root causes, and guide effective remediation to strengthen the firm's security posture.</p> <p>We are seeking candidates with a passion for offensive security, deep technical expertise in penetration testing, and a commitment to continuous learning and excellence.</p> <p>Job responsibilities</p> <ul> <li>Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications. </li><li>Collect and validate pre-requisites for each engagement, ensuring all necessary access, documentation, and approvals are in place. </li><li>Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts. </li><li>Document and communicate findings through comprehensive reports that include technical details, risk assessments, and actionable remediation recommendations. </li><li>Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables. </li><li>Collaborate with development, infrastructure, and security teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security. </li><li>Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups. </li><li>Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements. </li></ul> <p>Required qualifications, capabilities, and skills</p> <ul> <li>5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements. </li><li>Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile applications (android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.). </li><li>Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards. </li><li>Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable recommendations for remediation. </li><li>Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders. </li><li>Experience conducting peer reviews of penetration test reports and mentoring junior testers. </li><li>Continuous learner who keeps up with the latest offensive security trends, tools, and techniques. </li></ul> <p>Preferred qualifications, capabilities, and skills</p> <ul> <li>Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks. </li><li>Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems. </li><li>Experience conducting security-focused source code reviews (e.g., Python, Java, Rust). </li><li>Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities. </li><li>Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP. </li></ul>