Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

X-Day Offensive Research (XOR) Vulnerability Researcher

Chase

X-Day Offensive Research (XOR) Vulnerability Researcher - Assessments & Exercises

As an X-Day Offensive Research (XOR) Vulnerability Researcher - Assessments & Exercises at JPMorganChase in the Cybersecurity & Technology Controls line of business, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. In this role, you will design and deploy risk-driven assessments (or manage a highly-skilled team that does) and inform analysis to clearly outline root causes.

We are seeking a dedicated, self-motivated vulnerability researcher to tackle the complex demands of our mission. Working closely with fellow researchers and defense teams, you will investigate challenging targets, uncover novel attack surfaces, and develop innovative solutions that enhance our security posture. The ideal candidate combines deep technical curiosity with a strong background in reverse engineering, static analysis, and dynamic analysis, and thrives in a highly collaborative, research-driven environment.

Job responsibilities

  • Design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations – and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm's strategy and compliance with regulatory requirements.
  • Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation.
  • Conduct in-depth vulnerability research and exploit development across a broad range of categories, including operating systems, mobile devices, web applications, browsers, edge devices, and enterprise software.
  • Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel attack surfaces and develop proof-of-concept exploits.
  • Use common vulnerability research toolsets such as fuzzers, disassemblers, debuggers, and code browsers for static and dynamic analysis.
  • Perform N-day vulnerability analysis, patch diffing, and proof-of-concept exploit validation.
  • Collaborate with cross-functional teams to develop comprehensive reports – including detailed findings, risk assessments, and remediation recommendations – supporting vulnerability triage, patch prioritization, and the sharing of indicators of compromise (IOCs) in service of the firm's mission requirements.
  • Leverage threat intelligence and security research to stay ahead of emerging threats, vulnerabilities, industry best practices, and regulations, applying this knowledge to enhance the firm's assessment strategy and risk management, and engaging with peers and industry groups that share threat intelligence analytics.
  • Document research findings, proof-of-concepts, and technical workflows to enable knowledge sharing and repeatability.

Required qualifications, capabilities, and skills

  • 5+ years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises.
  • Track record of discovered vulnerabilities (CVEs) in high-profile targets in at least one of the following categories: operating systems, mobile devices, web applications, browsers, edge devices, or enterprise software.
  • Proven hands-on experience in vulnerability research, proof-of-concept exploit development, coordinated vulnerability disclosure, and mitigating security vulnerabilities in open-source projects.
  • Expertise in advanced analysis frameworks leveraging symbolic execution techniques and dynamic binary instrumentation to identify, triage, and exploit complex software vulnerabilities.
  • Hands-on proficiency exploiting complex vulnerability classes – including use-after-free, double free, type confusion – and applying advanced exploitation techniques such as heap spraying and controlled memory corruption to achieve reliable code execution.
  • Strong understanding of the internals of at least two operating systems throughout user mode and kernel mode (Microsoft Windows, GNU/Linux, Android, macOS, or iOS).
  • Experience auditing large C/C++, Java, and.NET codebases combining automated static analyzers with manual review to trace data and control flow, uncover memory-safety, injection, and deserialization vulnerabilities and produce proof-of-concept code.
  • Extensive reverse engineering expertise on x86/x64 and ARM/ARM64 binaries, employing IDA Pro, Ghidra, Binary Ninja, WinDbg, GDB, and RR for deep static/dynamic analysis and root cause vulnerability discovery.
  • Knowledge of US financial services sector cybersecurity or resiliency organization practices, operational risk management processes, principles, regulations, threats, risks, and incident response methodologies.
  • Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents.
  • Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels.

Preferred qualifications, capabilities, and skills

  • Bachelor's degree in computer science, or PhD in a related technical field, or an equivalent combination of education and/or experience in a related field.
  • 5+ years of experience in vulnerability research and exploit development.
  • Experience using fuzzing tools such as LibFuzzer, LibAFL, AFL++, OSS-Fuzz, and Syzkaller.
  • Experience using program analysis tools such as LLVM, Angr, KLEE, Intel Pin, DynamoRIO, and Frida.
  • Experience emulating embedded platforms for live debugging.
  • Experience with kernel and low-level operating system development.
  • Deep Linux internals knowledge (SELinux, AppArmor, Seccomp, eBPF, containers, VMs).
  • Deep Windows internals knowledge (KASLR, DSE, SSDT, IDT, SMEP, SMAP, PXN, KPP, KDP, VBS, HVCI, KMCI, UMCI).
Vacancy posted 4 days ago
Similar jobs that could be interesting for youBased on the X-Day Offensive Research (XOR) Vulnerability Researcher in McLean, VA vacancy
  •  ...Principal Vulnerability Researcher Zetier is seeking Principal Vulnerability Researchers to analyze and counter malicious software and develop...  ...Experience developing/defeating mitigations (ASLR, DEP, N^X) Developed defeats of common anti-RE techniques (obfuscation... 
    Suggested

    Zetier

    Arlington, VA
    4 days ago
  •  ...You’ll join our team looking to identify vulnerabilities in Apple platforms using both static and...  .... Desirable technical experience: Research on the low‑level internals of Apple...  ...upon an invitation to interview. ~25 days paid vacation + federal holidays ~ Annual... 
    Suggested
    Remote work

    Interrupt Labs

    Arlington, VA
    1 day ago
  • $131k

    Senior Vulnerability Researcher Android OS McLean, VA Senior Vulnerability Researcher Android OS Get AI-powered advice on this job and more exclusive...  ...and stay at the forefront of mobile security advancements. Day-to-day responsibilities and duties include: Conduct in-depth... 
    Suggested
    Full time
    Work experience placement
    Remote work
    Monday to Friday

    LyteForge

    Mc Lean, VA
    4 days ago
  •  ...Description Job Description Breakpoint Research builds novel, mission-critical offensive cyber capabilities, to strengthen...  .... We're hiring experienced vulnerability researchers to join our team,...  ...expectations. On top of that: ~25 days annual leave plus your local... 
    Suggested
    Seasonal work
    Local area
    Immediate start
    Remote work

    Breakpoint Research

    Falls Church, VA
    16 days ago
  •  ...Labs is seeking a candidate to join their team in identifying vulnerabilities in Apple platforms through static and dynamic analysis techniques...  ...packages, training budgets, and benefits including 25 days paid vacation, healthcare cover, and a matched 401(k) scheme.... 
    Suggested
    Remote job

    Interrupt Labs

    Arlington, VA
    1 day ago
  •  ...data and technology. We are seeking a self‑motivated Senior Vulnerability Researcher who is ready to solve some of the most challenging...  ...exploitation (VE) skills to support critical defensive and offensive cyber requirements. As a senior member of our team, you will... 

    Dormont Manufacturing Company

    Herndon, VA
    2 days ago
  •  ...Required Skills & Qualifications: ~3+ years of experience in offensive cybersecurity (CNO/CNE or similar) ~ Experience researching and evaluating the security of iOS/macOS and/or Android systems ~ Hands-on experience with reverse engineering tools (IDA Pro, Ghidra... 
    Full time

    Maania Consultancy Services

    Springfield, VA
    a month ago
  • $160k - $235k

     ...Description Job Description Senior Vulnerability Researcher Fuze HR Solutions Inc. St....  ...exploitation techniques, and advancing offensive cybersecurity capabilities. If you'...  ...Offensive Security Research Zero-Day Vulnerability Discovery Embedded Device... 
    Immediate start

    Fuze HR Solutions Inc.

    Washington DC
    17 days ago
  • $262.5k - $299.6k

     ...Applied Researcher II Overview At Capital One, we are creating trustworthy and reliable...  ...right thing. You know at the end of the day it’s about making the right decision for...  ...with the ability to document technical vulnerabilities and their direct impact on model privacy... 
    Full time
    Part time
    Local area
    Flexible hours

    Capital One National Association

    McLean, VA
    5 days ago
  • A cybersecurity organization is looking for a Mid-Level Vulnerability Researcher in Arlington, VA. The candidate will analyze and counter malicious software and develop critical cyber capabilities. Required qualifications include expertise in reverse engineering, assembly... 
    Full time

    Zetier

    Arlington, VA
    4 days ago
  • $86.3k - $191k

    ## Vulnerability ResearcherApplylocations: Off Campus - Othertime type: Full timeposted on: Posted Todayjob requisition id: REQ\_0000077...  ...SPECIFICS**We are searching for a self-motivated Vulnerability Researcher to join our Cyberspace Operations Research Department at the... 
    Full time
    Work experience placement
    Remote work
    Work from home

    Penn State University

    Reston, VA
    3 days ago
  • $86.4k - $176.2k

     ...What You’ll Do Conduct vulnerability research and analysis across Linux, Embedded, and Windows operating systems. Reverse engineer complex binaries using tools such as Ghidra, Binary Ninja, IDA Pro, and debuggers like WinDbg. Perform embedded systems analysis and development... 
    For subcontractor
    Live in
    Local area

    Accenture Federal Services

    Herndon, VA
    4 days ago
  •  ...is seeking an Android Wireless Security Researcher to support our growing Mobile Systems team. The candidate will join a team of vulnerability researchers, reverse engineers, and exploit...  ..., enabling work from home with one day of in-office support required per month... 
    Work at office
    Local area
    Work from home
    Flexible hours

    Twosixtechnologies

    Arlington, VA
    1 day ago
  • $55.28 - $81.73 per hour

     ...Description Job Description Location: Vienna, VA Description: The candidate will be working independently as a Vulnerability Researcher to identify flaws in software. The candidate must be familiar with the latest techniques in vulnerability research and demonstrate... 
    Hourly pay
    Contract work
    For contractors
    Local area
    Remote work
    Relocation package

    Cipher Tech Solutions

    Vienna, VA
    4 days ago
  •  ...Description Salary: 100-160k TS/SCI w POLY Required **About the Role:** We need Linux VRers to conduct reverse engineering, vulnerability research, and exploitation on Linux applications. Focus on native apps across architectures like ARM and MIPS to identify and... 

    Falls Technology

    McLean, VA
    17 days ago
  •  ...Sr. Distinguished Applied Researcher Overview: At Capital One, we are creating trustworthy and reliable AI systems, changing banking for...  ...our passion to do the right thing. You know at the end of the day it’s about making the right decision for our customers. Innovative... 
    Local area
    Relocation
    Flexible hours

    Capital One National Association

    McLean, VA
    1 day ago
  • $218.7k - $249.6k

     ...Applied Researcher I (AI Foundations, LLM Customization, Finetuning, Reinforcement Learning) Overview: At Capital One, we are creating trustworthy...  ...our passion to do the right thing. You know at the end of the day it’s about making the right decision for our customers.... 
    Full time
    Part time
    Local area
    Flexible hours

    Capital One

    McLean, VA
    5 days ago
  • $262.5k - $299.6k

     ...Applied Researcher II (AI Foundations, LLM Core and Agentic AI) Overview At Capital One, we are creating trustworthy and reliable AI systems...  ...our passion to do the right thing. You know at the end of the day it’s about making the right decision for our customers.... 
    Full time
    Part time
    Local area
    Flexible hours

    Capital One

    McLean, VA
    5 days ago
  • $110k - $141.71k

     ...automated information sharing, conducting research and analysis, facilitating interagency...  ...one must be completed before your first day of work. Residency Requirement: Applicants...  ...of a victim of domestic violence, sexual offense, or stalking, military service, or other... 
    Remote work
    Monday to Friday
    Flexible hours

    DC Department of Human Resources

    Washington DC
    3 days ago
  • $122k - $162.7k

    Senior Researcher, Healthcare Innovations US-Remote | US-VA-Arlington | US-NC-Chapel Hill | US-IL-Chicago | US-CA-Sacramento | US-TX-Austin...  ...and improve lives for all. Responsibilities: Manage day-to-day project operations in roles such as principal investigator... 
    Remote job
    Full time
    Contract work
    Temporary work
    For contractors
    Fixed term contract
    For subcontractor
    H1b
    Work at office
    Local area

    American Institutes for Research

    Arlington, VA
    2 days ago
  •  ...Do: Our team, within the Cyber Risk and Resilience Directorate, researches, designs, and develops software tools for the collection,...  ...organizations, handling record counts in the tens of billions per day. Position Summary: As a network security researcher on the Network... 
    Full time
    Part time
    Work experience placement

    Software Engineering Institute | Carnegie Mellon University

    Arlington, VA
    13 hours ago
  • $311.9k - $356k

    Sr. Distinguished Applied Researcher Overview: At Capital One, we are creating trustworthy and reliable AI systems, changing banking for...  ...Application Process This role is open for a minimum of 5 business days. No agencies. Contact For accommodations, contact... 
    Local area
    Immediate start

    Capital One National Association

    Mc Lean, VA
    1 day ago
  • $278.4k - $317.7k

    Distinguished Applied Researcher Overview: At Capital One, we are creating trustworthy and reliable AI systems, changing banking for good...  ...our passion to do the right thing. You know at the end of the day it’s about making the right decision for our customers. Innovative... 
    Full time
    Part time
    Local area
    Flexible hours

    Capital One

    Mc Lean, VA
    3 days ago
  •  ...Arlington, Virginia is looking for an Android Wireless Security Researcher to join their Mobile Systems team. In this role, you will be...  ...should have a strong background in reverse engineering, vulnerability research, and possess an active Top Secret US Security clearance... 
    Remote job

    Twosixtechnologies

    Arlington, VA
    1 day ago
  • $122k - $162.7k

     ...Chicago | US-CA-Sacramento | US-TX-Austin Join AIR as a Senior Researcher with our Health Innovations team. Our team works...  ...opportunities and improve lives for all. Responsibilities: Manage day-to-day project operations in roles such as principal investigator... 
    Remote job
    Full time
    Contract work
    Fixed term contract
    H1b
    Work at office

    American Institutes for Research

    Arlington, VA
    4 days ago
  • $162.7k - $263.18k

     ...of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution...  ...truly matters. Job Summary As a Principal Threat Intelligence Researcher on the Unit 42 CTI Services Delivery Team, you will play a... 
    Remote work
    Shift work

    Palo Alto Networks

    Arlington, VA
    4 days ago
  • $218.7k - $249.6k

    Overview Applied Researcher I (Multi-agent Systems, Knowledge Graphs/GraphRAG/Graph-of-Thought / GoT, MCP, LangGraph, Agent Protocols) Team...  ...our passion to do the right thing. You know at the end of the day it’s about making the right decision for our customers.... 
    Full time
    Part time
    Local area
    Flexible hours

    Capital One

    Mc Lean, VA
    3 days ago
  •  ...where we push the boundaries of software and firmware reverse engineering to uncover vulnerabilities in wireless and embedded systems. As part of our elite team of security researchers, you’ll work alongside CNO developers and hardware engineers, conducting cutting‑edge... 
    Contract work
    Local area

    Two Six Technologies

    Herndon, VA
    5 days ago
  • The Software Engineering Institute (SEI) at Carnegie Mellon University in Arlington, VA is seeking a Network Security Researcher on the Network Situational Awareness team. You will research network threats to develop detection methods, tailor these for partner environments... 

    Software Engineering Institute | Carnegie Mellon University

    Arlington, VA
    4 days ago
  • Capital One National Association is seeking an Applied Researcher I to contribute to the development of AI models that enhance customer interactions with banking. The role involves working with cutting-edge technologies and collaborating with various teams to implement... 

    Capital One National Association

    Mc Lean, VA
    1 day ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to X-Day Offensive Research (XOR) Vulnerability Researcher. Be the first to apply!