JPMC Cybersecurity's purpose is to ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high-quality security solutions and services that are focused on improving the Firm's risk posture.
The Cyber Assessments team supports Cybersecurity’s vision and mission by conducting a variety of security assessments, including infrastructure and application penetration tests, social engineering tests and threat intelligence-led adversary simulations of various sophistication levels.
JPMC Cyber Assessments is looking to expand its Red Team with an experienced Red Team Operator / Penetration Tester in London, UK. The primary focus of this role will be to perform hands-on offensive activities as part of red team engagements against critical JPMC assets. The successful candidate will have a proven track record in conducting network exploitation operations and application penetration tests. Additionally, the candidate will be able to demonstrate in-depth knowledge of and experience with computer networking fundamentals, modern threats and vulnerabilities, attack methodologies and penetration testing tools.
To be successful in this role, the candidate should have expertise and strong experience in at least two of the following areas:
- Network penetration testing
- Application (web, mobile, etc.) penetration testing
- Social engineering (e-mail phishing, phone, physical, etc.)
- Red Team operations
- Strong understanding of networking fundamentals (all OSI layers, protocols, etc.)
- Strong understanding of Windows/Linux/Unix operating systems
- Strong understanding of operating system and software vulnerabilities and exploitation techniques
- Strong understanding of web application vulnerabilities and exploitation techniques, covering the OWASP Top 10 as a minimum
- Strong knowledge of and experience with commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.)
- Ability to deliver high-quality reporting on technical issues identified and to provide remediation guidelines
- Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
- Bachelor's Degree in Engineering or Technology related fields a major plus
- SANS (GPEN, GXPN, GWAPT), Offensive Security (OSCP, OSCE), CREST/Tiger Scheme Certified Tester certifications or equivalent strongly desired.
- Knowledge of malware packing, obfuscation, persistence, exfiltration techniques
- Knowledge and experience in using interpreted languages (Ruby, Python, Perl, etc.) and/or compiled languages (C, C++, C#, Java, etc.)
- Experience in developing in-house tools / scripts to improve delivery and facilitate testing operations
- Ability to perform targeted, covert penetration tests with vulnerability identification, exploitation and post-exploitation activities with no or minimal use of automated tools
- Well versed in security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP amongst others
- Knowledge of application reverse engineering techniques and procedures
- Understanding of financial sector, or other large organization, security and IT infrastructures
- Excellent written and verbal communication skills
- Ability to articulate and visually present complex penetration testing and red team results
- Ability to work effectively independently and in a team
- Ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective
- Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.
All internal moves will normally take place on the same grade and same salary. Salaries are reviewed annually in February. Exceptions to the rule regarding transfer on current salary may include a move between geographic locations.
Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.
The firm invites all interested and qualified candidates to apply for employment opportunities.
If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please contact us by calling (US and Canada Only) 1-866-777-4690. Please indicate the specifics of the assistance needed.