Senior Penetration Tester

Job Description
This role is also open to Wilmington DE | Columbus OH | Plano, TX | Washington, DC.
Join our dedicated team in a role where your expertise in risk assessments and cybersecurity exercises propels forward our mission of safeguarding our operations and enhancing resiliency. This position offers the unique opportunity to shape our security posture and contribute to our continuous improvement in an environment that values innovation and teamwork.
As an Assessments & Exercises Senior Associate in the Cybersecurity & Technology Controls team, you will help enhance the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Collaborate with the team to design and execute risk-driven tests and simulations. Evaluate preventative controls, incident response processes, and detection capabilities. Your ability to make informed decisions and foster continuous improvement will allow you to contribute to the achievement of the team's operational goals and the mitigation of cyber and resiliency risks.
As part of the penetration test team, your primary responsibility will be performing hands on penetration testing of some of the firms most critical web and mobile applications. You will work with application developers to not only understand root cause and mitigate vulnerabilities, but also to identify where vulnerabilities can be identified earlier in the Software Development Life Cycle (SDLC). As a successful candidate within our team, you are expected to demonstrate an eagerness to learn, the promote to excel, excellent technical knowledge of security concepts, and proven expertise in penetration testing.
Job responsibilities

• Collaborate with other Assessments & Exercises team members to conduct testing and simulations - such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies to ensure alignment with industry standards and regulatory requirements
• Partner with subject matter experts to evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
• Develop comprehensive assessment reports, including detailed findings, risk assessments, and remediation recommendations, and effectively communicate these insights to relevant stakeholders as you contribute to decisions that yield continuous improvement
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy

Required qualifications, capabilities, and skills

• 3+ years of experience in cybersecurity or resiliency, with a focus on offensive security testing, assessments, or simulation exercises
• Experience conducting manual penetration tests against a wide variety of applications and technologies including web, API, and mobile (Android & iOS) applications
• Expertise in common cybersecurity threats and technology resiliency risks pertaining to the US financial services sector
• Proficiency in at least two security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework, offensive testing tools, or resiliency testing equivalents
• Demonstrated collaboration, communication (written and verbal), and executive reporting skills, with the ability to work effectively with cross-functional teams and convey complex cybersecurity concepts and recommendations to diverse stakeholders

Preferred qualifications, capabilities, and skills

• Proficiency in security concepts for both Windows and Unix-like Operating Systems
• Additional experience in testing thick clients, internal and external facing infrastructures, and cloud platforms (AWS/Azure/GCP)
• Experience in source code review and/or building software with multiple programming languages (i.e. Python, Java, Rust, etc.)
• Experience in reverse engineering thick clients and mobile applications
• Certifications like OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, BSCP

About Us
JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses and many of the world's most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. Our history spans over 200 years and today we are a leader in investment banking, consumer and small business banking, commercial banking, financial transaction processing and asset management.
We offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans
About the Team
Our professionals in our Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we're setting our businesses, clients, customers and employees up for success.