Based in New York City on site, JPMorganChase seeks a Senior Penetration Tester to bolster the security of high‑impact systems across the organization. This role focuses on planning, executing, and reporting penetration tests for web applications, APIs, cloud platforms, infrastructure, thick‑client, and mobile environments, delivering actionable remediation guidance to strengthen defenses within a major financial services context.
Compensation
Salary: USD 152,000 - 260,000 per year
Responsibilities
- Plan, scope, and execute penetration testing engagements across web applications, APIs, cloud platforms, infrastructure, thick‑client, and mobile environments.
- Gather prerequisites for each engagement and verify access, documentation, and approvals are in place before testing begins.
- Conduct both manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses using standard tools and custom scripts.
- Document findings in comprehensive reports with technical details, risk assessments, and clear remediation recommendations.
- Perform peer reviews of penetration test reports to ensure accuracy and quality of deliverables.
- Collaborate with development, infrastructure, and security teams to clarify findings and support remediation, sharing offensive security expertise.
- Stay current with emerging threats and attack techniques through threat intelligence, research, and participation in industry groups.
- Contribute to evolving penetration testing methodologies, tools, and frameworks to align with firm strategy and regulatory requirements.
Requirements
- 5+ years of hands‑on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements.
- Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick‑client, and mobile applications (Android/iOS), using industry tools such as Burp Suite, Nmap, and Metasploit.
- Strong understanding of security assessment methodologies including OWASP Top Ten and the NIST Cybersecurity Framework.
- Ability to identify systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable remediation recommendations.
- Exceptional organizational and communication skills, with the ability to write detailed technical reports and present findings to technical and non‑technical stakeholders.
- Experience conducting peer reviews of reports and mentoring junior testers.
- Committed to continuous learning and staying current with offensive security trends, tools, and techniques.
Technologies
- Burp Suite
- Nmap
- Metasploit
- AWS
- Azure
- GCP
- Android
- iOS
- Windows
- Unix‑like operating systems
- Python
- Java
- Rust
Benefits
- Base salary
- Commission‑based pay and/or discretionary incentive compensation in cash and/or forfeitable equity
- Comprehensive health care coverage
- On‑site health and wellness centers
- Retirement savings plan
- Backup childcare
- Tuition reimbursement
- Mental health support
- Financial coaching
About Chase
Chase is a leading financial services firm that helps nearly half of American households and small businesses reach their financial goals with a broad portfolio of products. The mission centers on building engaged, lifelong relationships and placing customers at the heart of every decision. The firm also supports small businesses, nonprofits, and cities with growth‑oriented financial solutions.
About the Team
Our Consumer & Community Banking division serves Chase customers with a wide range of services, including personal banking, credit cards, mortgages, auto financing, investment guidance, small business loans, and payment processing. We lead in U.S. credit card sales and deposit growth, operate the most‑used digital solutions, and maintain top customer satisfaction.