Apply Now    

Mobile Penetration Tester - Cybersecurity

Job Description

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
 
The Cybersecurity organization’s objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure.  The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat.  We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
 
Mobile Application Security Tester
The role is part of a global cyber security assessments team delivering ‘next generation’ mobile application security testing.  Primary focus of this role would be to perform hands on penetration testing of some of the most critical mobile applications with JPMC on various mobile platforms. In addition to hand on assessments, a high level of internal client interaction is required in this role and as such as it would suite a technical individual with good “ client facing” skills and the ability to descried security issues based on risk and impact. Successful candidates will have good general knowledge of security concepts and significant experience and proven expertise in mobile native and mobile web application assessments. The successful candidate will have a proven track record in delivery in application security and penetration testing.
 
To be successful in this role, you should have:
  • Hands-on experience with security scans and vulnerability assessments of mobile applications and devices
  • Familiarity with various open source and commercial mobile security assessment tools and technologies
  • Basic knowledge of mobile forensics
  • Ability to perform research and develop mobile testing tools for use by internal teams
  • Ability to analyze and develop mobile security threat models and test plans
  • Experience working with mobile application developers to validate, assess, understand root cause and mitigate vulnerabilities
  • Experience with configuration and operation of scanning and testing tools and environment
  • Ability to effectively documentation of test results
Technical Skills:
  • Experience with network, server, mobile/web application ethical hacking and exploitation
  • Programming ability or development experience in at least one of the following languages: .NET (ASP.NET), Java, Perl, Python, Ruby, C/C++/ObjectiveC.
  • Experience using XCode or Eclipse for mobile testing.
  • Understanding of Windows, *Nix, Android and iOS filesystems and security architecture along with scripting capabilities
  • Hands-on experience with mobile device forensics and analysis.
  • Hands-on experience with mobile application reverse engineering, security/source code analysis and binary patching.
  • Demonstrated experience with mobile security tools such as NowSecure Lab, Drozer, Substrate, Xposed-Framework and etc.…
  • Understanding of Mobile Device Management services
  • Familiarity with common vulnerabilities in major operating systems (i.e., Windows, Unix and iOS/Android) and ability to track the emergence of new exploitation techniques
  • Experience with application layer assessment tools, such as local proxies and fuzzers
  • Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences
  • Knowledge and understanding of Agile SDLC and Continuous Testing / Continuous Delivery models
 Management and Organization Skills: 
  • Excellent verbal and written communication skills
  • Strong organizational skills
  • Proven ability to build relationships with clients and stakeholder
  • Ability to motivate, mentor and develop talent both technically and interpersonal skills
  • Solid understanding of enterprise risk management concepts
  • Highly responsive with an ability to handle escalations quickly and professionally 
Preferred Qualifications:
  • Bachelor’s Degree in Engineering or Technology related fields a major plus
  • 2 to 4 years of  mobile application security assessment experience  
  • GMOB, GWAPT, GPEN Certification
  • Knowledge of application reverse engineering techniques and procedures
  • Must have the ability to perform targeted applications penetration tests without use of automated tools
  • Demonstrated understanding of financial sector, or other large organization, security and IT infrastructures
Req #: 160040525
Location: Jersey City, NJ US
Job Category: Technology
Employment Type: Full Time
Potential Referral Amount: 3000 US Dollar (USD)

Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Join Now

Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.


Keep in touch

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.