Offensive Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Chase · 14 hours ago

Offensive Security Engineer

position277 Park Ave, New York, NY, 10172, US
timeFull-time
remoteOnsite
senioritySenior Level
money$152K/yr - $260K/yr
date5+ years exp

Chase is a leading financial services firm that helps nearly half of America’s households and small businesses achieve their financial goals. The Offensive Security Engineer will drive the security of critical banking applications and platforms through hands-on offensive testing, planning, executing, and reporting on penetration tests to identify vulnerabilities and guide remediation efforts.

BankingFinancial Services

Responsibilities

Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications
Collect and validate pre-requisites for each engagement, ensuring all necessary access, documentation, and approvals are in place
Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts
Document and communicate findings through comprehensive reports that include technical details, risk assessments, and actionable remediation recommendations
Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables
Collaborate with development, infrastructure, and security teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security
Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups
Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements

Qualification

Penetration testingManual testingSecurity assessment methodologiesCloud platformsVulnerability identificationTechnical reportingCybersecurity knowledgeSource code reviewsReverse engineeringRelevant certificationsCommunication skillsOrganizational skillsContinuous learningMentoring

Required

5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements
Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile applications (android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.)
Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards
Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable recommendations for remediation
Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders
Experience conducting peer reviews of penetration test reports and mentoring junior testers
Continuous learner who keeps up with the latest offensive security trends, tools, and techniques

Preferred

Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks
Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems
Experience conducting security-focused source code reviews (e.g., Python, Java, Rust)
Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities
Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP

Benefits

Comprehensive health care coverage
On-site health and wellness centers
A retirement savings plan
Backup childcare
Tuition reimbursement
Mental health support
Financial coaching

Company

Chase

twittertwittertwitter
Glassdoor3.9
company-logo
Chase provides broad range of financial services. It is a sub-organization of JP Morgan Chase.
dateFounded in 2000
location
New York, New York, USA
people-size10001+ employees
web-link
https://www.chase.com/

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Mike McDonnell
Managing Director, Head of Chase Travel Platform Product
linkedin
leader-logo
Nicole Sanchez
Managing Director, Consumer Bank, GM and Product Executive, Growth Financial Products
linkedin

Recent News

Android Headlines
Xfinity Tops the List of Most Frustrating Companies, Shocking Absolutely No One
2026-01-24
AL.com
Bank opens Mountain Brook location as company continues Alabama expansion
2026-01-22
Small Business Trends
Chase to Take Over Apple Card Issuance in Major Partnership Shift
2026-01-18
Company data provided by crunchbase