Senior Penetration Tester (Web / Infrastructure / Mobile)

  • Competitive
  • London, England, United Kingdom
  • Permanent, Full time
  • J.P.Morgan
  • 17 Aug 2018

The Cybersecurity organization's objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.

Penetration Tester

The role is part of a global cyber security assessments team delivering 'next generation' application and infrastructure testing. The primary focus of this role is to perform hands-on penetration testing of some of the most critical applications with JPMC, as well as to conduct regular penetration tests of the associated infrastructure. In addition to hands-on assessments, a high level of internal client interaction is required in this role, and as such it would suit a technical individual with good "client facing" skills and the ability to describe security issues based on risk and impact. This role will also require reviewing the output of third-party penetration testing vendors and the ability to conduct Quality Assurance on testing reports. Successful candidates will have good general knowledge of security concepts and significant experience and proven expertise in both web application and infrastructure assessments. The successful candidate will have a proven track record of delivery in application security and infrastructure related penetration testing.

To be successful in this role, you should have:

  • Strong "quality focused" approach to service delivery.
  • 2+ years of experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client beyond running automated tools
  • 2+ years of experience with penetration testing against internal and external facing corporate infrastructures
  • Technical focus on both application (Web, Mobile "Fat" application assessments) and infrastructure testing
  • Understanding of Security architecture both from a penetration testing and design point of view
  • Experience working with application developers to validate, assess, understand root cause and mitigate vulnerabilities
  • Experience documenting technical issues identified during security assessments and building improvements into the existing service support tools and "standard findings"
  • Ability to communicate security risks to both technical and business audiences

Technical Skills:

  • Good understanding of OWASP and other software security best practices
  • Strong technical ability in current web application testing methodologies
  • Strong technical ability in security related architecture design and assessment (manual approach to penetration testing)
  • Good understanding of Security concepts for both Windows and Unix related operating Systems
  • Good understanding of current "high impact" and "well known" application and infrastructure vulnerabilities
  • Intermediate level understanding of Mobile Application Security concepts
  • Good understanding of exploitation research and mitigation (buffer and stack overflows/protection mechanisms)
  • Experience with scripting languages (Python/Perl) and associated usage within penetration test assessments
  • Experience with application layer assessment tools, such as local proxies and fuzzers
  • Experience with usage and deployment of infrastructure assessment tools (commercial and open source scanners)
  • A strong understanding of web technologies, solutions and attack vectors that apply to application technologies
  • Knowledge of security design review methodologies
  • A preferred candidate would have experience of Security source code review or development experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java
  • Ability to concisely communicate security risks to both technical and business audiences
  • Ability to conduct research and development, building tools for use by internal teams, as well as vulnerability research, would be a significant advantage to a candidate
  • Knowledge of application reverse engineering techniques and procedures

Management and Organization Skills:

  • Excellent verbal and written communication skills
  • Strong organizational skills
  • Proven ability to build relationships with clients and stakeholders
  • Solid understanding of enterprise risk management concepts
  • Highly responsive with an ability to handle escalations quickly and professionally
  • Ability to create, communicate and implement strategies
  • Ability to work as part of a distributed team environment

Preferred Qualifications:

  • Master's degree in Engineering, Business Management, or Technology related fields a major plus
  • 5 to 7 years of application and infrastructure security assessment experience
  • GWAPT, GPEN, Offensive Security Advanced Web Attacks and Exploitation and/or Offensive Security Cracking the Perimeter (CTP) certifications
  • Demonstrated understanding of financial sector, or other large organization, security and IT infrastructures

About J.P. Morgan Chase & Co:

J.P. Morgan serves one of the largest client franchises in the world. Our clients include corporations, institutional investors, hedge funds, governments and affluent individuals in more than 100 countries. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.1 trillion. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity. A component of the Dow Jones Industrial Average, JPMorgan Chase serves millions of clients and consumers under its JPMorgan, Chase, and WaMu brands.

J.P. Morgan offers an exceptional benefits program and a highly competitive compensation package. J.P. Morgan is an Equal Opportunity Employer.