
Senior Penetration Tester - Cybersecurity

Job Description

JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world's most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at
The Cybersecurity organization’s objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure.  The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat.  We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
Senior Web Application Security Tester
The role is part of a global cyber security assessments team delivering ‘next generation’ web application testing. The primary focus of this role is to perform hands-on penetration testing of some of the most critical applications within JPMC. In addition to hands-on assessments, a high level of internal client interaction is required in this role, and as such it would suit a technical individual with good “client-facing” skills and the ability to describe security issues based on risk and impact. This role will also require reviewing the output of third-party penetration testing vendors and the ability to conduct Quality Assurance on testing reports. Successful candidates will have good general knowledge of security concepts and significant experience and proven expertise in web application assessments. The successful candidate will have a proven track record of delivery in application security and penetration testing.
To be successful in this role, you should have:
  • Experience leading a team of 3-5 junior web application security testers
  • Experience with running security scans and vulnerability assessments of web applications using industry standard tools and technologies
  • Ability to conduct research and develop tools for use by internal teams
  • Knowledge and ability to analyze and develop web security threat models and test plans
  • Experience working with application developers to validate, assess, understand root cause and mitigate vulnerabilities
  • Experience documenting technical issues identified during security assessments
  • Experience with recommending counter-measures and remediation techniques
  • Ability to correlate test findings with any existing threat models and with static and/or dynamic scan results to identify and recommend improvements to those other processes
  • Understanding of SDLC consultancy related to web application vulnerabilities 
  • Experience in clearly and effectively communicating with clients and stakeholders
  • Project Management
Technical Skills: 
  • Expert level understanding of OWASP and other software security best practices
  • Intermediate level understanding of Mobile Application Security concepts
  • Significant experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client, above and beyond running automated tools
  • Experience with application layer assessment tools, such as local proxies and fuzzers
  • Experience with threat modelling and security design review methodologies
  • A strong understanding of Unix, Windows and network security skills
  • Ability to work both independently and perform as a leader in a team environment
  • Ability to work as part of a distributed team
  • Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences
  • Significant experience with delivery of penetration tests, both individually and as part of a team
  • Knowledge and understanding of Agile SDLC and Continuous Testing / Continuous Delivery models
Management and Organization Skills:
  • Excellent verbal and written communication skills
  • Strong organizational skills
  • Proven ability to build relationships with clients and stakeholders
  • Ability to motivate, mentor and develop talent in both technical and interpersonal skills
  • Solid understanding of enterprise risk management concepts
  • Highly responsive with an ability to handle escalations quickly and professionally
  • Ability to create, communicate and implement strategies
  • Experience with vendor management
Preferred Qualifications:
  • Master's degree in Engineering, Business Management, or Technology related fields a major plus
  • 5 to 7 years of application security assessment experience  
  • GWAPT, GPEN, Offensive Security Advanced Web Attacks and Exploitation and/or Offensive Security Cracking the Perimeter (CTP) certifications
  • Knowledge of application reverse engineering techniques and procedures
  • Must have the ability to perform targeted application penetration tests without use of automated tools
  • Demonstrated understanding of financial sector, or other large organization, security and IT infrastructures  
Req #: 160040500
Location: Jersey City, NJ US
Job Category: Technology
Employment Type: Full Time
Potential Referral Amount: 5000 US Dollar (USD)


Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.


Privacy Statement

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.
