Senior Offensive Security Operator

JLL empowers you to shape a brighter way.  

Our people at JLL and JLL Technologies are shaping the future of real estate for a better world by combining world class services, advisory and technology for our clients. We are committed to hiring the best, most talented people  and empowering them to  thrive, grow meaningful careers and to find a place where they belong.  Whether you’ve got deep experience in commercial real estate, skilled trades or technology, or you’re looking to apply your relevant experience to a new industry, join our team as we help shape a brighter way forward.   

Senior Offensive Security Operator

This position will be responsible for designing and delivering, both individually and collaboratively, security testing against a range of technologies and operational processes to continuously assess JLL’s global attack surface.  The role will execute and provide custom written deliverables related to testing and remediation or mitigation guidance across a variety of engagements that are planned and ad hoc; long and short term; disclosed and undisclosed.   The ideal candidate will be experienced and comfortable simulating adversaries with a range of capabilities and intents representative of the threat landscape.

Primary Responsibilities

• Plan, execute, and report on testing against managed and unmanaged devices running Windows, Linux, MacOS, and iOS
• Plan, execute, and report on authenticated and unauthenticated web application testing, to include executing specific attack methodologies targeting API vulnerabilities
• Plan, execute, and report on testing against cloud environments with a focus on identifying gaps in cloud-native security configurations
• Plan, execute, and report on testing against embedded systems, with an emphasis on OT employed in commercial property technologies
• Plan, execute, and report on testing against physical security and Wi-Fi vulnerabilities
• Ability to develop and execute custom tools as necessary
• Ability, as part of Purple Team engagements, to develop and validate detection methodologies based on testing findings
• Ability to advise developers on code-based fixes to address application vulnerabilities discovered during testing
• Ability to advise on hardening as well as identity proofing and authentication mechanisms to address vulnerabilities identified during testing

Job Requirements

• 8+ years of technical cybersecurity experience with at least 5 years of offensive security experience
• Experience developing and conducting Red Team and Purple Team engagements against Enterprise IT users and online applications
• Experience with vulnerability discovery within and exploitation of embedded systems
• Experience with reverse engineering both firmware and software
• Experience developing and deploying custom persistence and exfiltration tools
• Experience writing and delivering reports from testing engagements
• Experience leveraging testing findings to develop detection and prevention methodologies leveraging security technologies to include SIEM and EDR
• Experience executing web application penetration tests
• Ability to communicate remediation guidance to developers
• Ability to adapt and prioritize in a fast-paced work environment
• Excellent written and oral communication skills
• Work independently and within a team to build relationships and interact effectively with business partners.
• A desire to work within a diverse, collaborative, and driven professional environment.

Estimated total compensation ran for this position is:

The pay range listed is a total compensation range including bonus, if applicable. The provided range is an estimate and not guaranteed. An employment offer is based on applicant’s education, experience, skills, abilities, geographic location, internal equity and alignment with market data.

Location:

If this job description resonates with you, we encourage you to apply, even if you don’t meet all the requirements.  We’re interested in getting to know you and what you bring to the table!

Personalized benefits that support personal well-being and growth:

JLL recognizes the impact that the workplace can have on your wellness, so we offer a supportive culture and comprehensive benefits package that prioritizes mental, physical and emotional health. Some of these benefits may include:

• 401(k) plan with matching company contributions

• Comprehensive Medical, Dental & Vision Care

• Paid parental leave at 100% of salary 

• Paid Time Off and Company Holidays

JLL Privacy Notice

Jones Lang LaSalle (JLL), together with its subsidiaries and affiliates, is a leading global provider of real estate and investment management services. We take our responsibility to protect the personal information provided to us seriously. Generally the personal information we collect from you are for the purposes of processing in connection with JLL’s recruitment process. We endeavour to keep your personal information secure with appropriate level of security and keep for as long as we need it for legitimate business or legal reasons. We will then delete it safely and securely.

For more information about how JLL processes your personal data, please view our Candidate Privacy Statement.

For additional details please see our career site pages for each country.

For candidates in the United States, please see a full copy of our Equal Employment Opportunity and Affirmative Action policy here.

This position may require you to be fully vaccinated against COVID-19. If required, you’ll be asked to provide proof that you’re fully vaccinated upon your start date. You’re considered fully vaccinated two weeks after you receive the second dose of a two-dose vaccine series (e.g., Pfizer or Moderna) or two weeks after a single-dose vaccine (e.g., Johnson & Johnson/Janssen). Failure to provide proof of vaccination may result in termination. 

Jones Lang LaSalle (“JLL”) is an Equal Opportunity Employer and is committed to working with and providing reasonable accommodations to individuals with disabilities.  If you need a reasonable accommodation because of a disability for any part of the employment process – including the online application and/or overall selection process –  you may contact us at Accommodation Requests. This email is only to request an accommodation. Please direct any other general recruiting inquiries to our Contact Us page > I want to work for JLL.

Pursuant to the Arizona Civil Rights Act, criminal convictions are not an absolute bar to employment.

Pursuant to Illinois Law, applicants are not obligated to disclose sealed or expunged records of conviction or arrest.

Pursuant to Columbia, SC ordinance, this position is subject to a background check for any convictions directly related to its duties and responsibilities. Only job-related convictions will be considered and will not automatically disqualify the candidate.

California Residents only

If you are a California resident as defined in the California Consumer Privacy Act (CCPA) please view our Supplemental Privacy Statement which describes your rights and disclosures about your personal information. If you are viewing this on a mobile device you may want to view the CCPA version on a larger device.

Pursuant to the Los Angeles Fair Chance Initiative for Hiring Ordinance, JLL will consider for employment all qualified Applicants, including those with Criminal Histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Accepting applications on an ongoing basis until candidate identified.