CybersecurityJobs.io
← Back to all jobs

Job Description

The Senior Penetration Tester will lead hands-on assessments for JPMorganChase across web, API, cloud, infrastructure, and limited banking hardware and IoT environments, overseeing planning, execution, reporting, and remediation guidance with stakeholders.

Responsibilities

  • Plan, scope, and execute penetration testing engagements across web applications, APIs, cloud platforms, infrastructure, thick-client, and mobile applications (primary focus).
  • Perform security assessments of banking hardware and connected/IoT technologies (limited but expected), including ATMs, POS devices, and other embedded endpoints.
  • Collect and validate pre-requisites for each engagement, ensuring access, documentation, and approvals are in place (including lab/onsite testing logistics and device access where applicable).
  • Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts.
  • Document and communicate findings through comprehensive reports with technical details, risk assessments, and actionable remediation recommendations.
  • Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables.
  • Collaborate with development, infrastructure, security, and device/product engineering teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security.
  • Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups.
  • Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to align with firm strategy and regulatory requirements.

Requirements

  • 5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements.
  • Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile (Android/iOS) applications, including use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.).
  • Working knowledge of testing approaches for connected devices/IoT and purpose-built banking devices (e.g., ATMs, POS), including common attack surfaces such as exposed services, remote administration paths, authentication/authorization, hardening gaps, and insecure configurations.
  • Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards.
  • Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable remediation recommendations.
  • Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders.
  • Experience conducting peer reviews of penetration test reports and mentoring junior testers.
  • Continuous learner who keeps up with the latest offensive security trends, tools, and techniques.

Technologies

  • Burp Suite
  • Nmap
  • Metasploit
  • AWS
  • Azure
  • GCP
  • Android
  • iOS
  • Python
  • Java
  • Rust
  • Windows
  • Unix-like

Benefits

  • Base salary determined by role, experience, skill set and location
  • Commission-based pay and/or discretionary incentive compensation, paid in cash and/or forfeitable equity
  • Comprehensive health care coverage
  • On-site health and wellness centers
  • Retirement savings plan
  • Backup childcare
  • Tuition reimbursement
  • Mental health support
  • Financial coaching

Preferred Qualifications, Capabilities, and Skills

  • Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks.
  • Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems.
  • Experience conducting security-focused source code reviews (e.g., Python, Java, Rust).
  • Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
  • Experience assessing embedded systems / IoT devices in lab or onsite environments (e.g., device interface review, firmware/configuration analysis, and network/service exposure testing) relevant to ATM/POS ecosystems.
  • Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP.

Similar Jobs