Senior Penetration Tester (Infrastructure / Mobile / Web)

  • Competitive
  • London, England, United Kingdom
  • Permanent, Full-time
  • J.P.Morgan
  • 23 March 19


The role is part of a global cyber security assessments team delivering 'next generation' application and infrastructure testing. The primary focus of this role would be to perform hands-on penetration testing of some of the most critical applications within JPMC, as well as to conduct regular penetration tests of the associated infrastructure. In addition to hands-on assessments, a high level of internal client interaction is required in this role, and as such it would suit a technical individual with good client-facing skills and the ability to describe security issues based on risk and impact. This role will also require reviewing the output of third-party penetration testing vendors and the ability to conduct Quality Assurance on testing reports. Successful candidates will have good general knowledge of security concepts and significant experience and proven expertise in both web application and infrastructure assessments. The successful candidate will have a proven track record of delivery in application security and infrastructure-related penetration testing.


  • Penetration Testing across infrastructure, mobile and web projects.
  • Reporting on findings and vulnerabilities and occasionally presenting results to non-technical managers.
  • Reviewing and quality checking third-party penetration tests.
To be successful in this role, you should have:

  • Strong "quality focused" approach to service delivery.
  • 2+ years of experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client, beyond running automated tools
  • 2+ years of experience with penetration testing against internal and external facing corporate infrastructures
  • Technical focus on both application (Web, Mobile, "Fat" application assessments) and infrastructure testing
  • Understanding of security architecture both from a penetration testing and design point of view
  • Experience working with application developers to validate, assess, understand root cause and mitigate vulnerabilities
  • Experience documenting technical issues identified during security assessments and building improvements into the existing service support tools and "standard findings"
  • Ability to communicate security risks to both technical and business audiences
Technical Skills:
  • Good understanding of OWASP and other software security best practices
  • Strong technical ability in current web application testing methodologies
  • Strong technical ability in security-related architecture design and assessment (manual approach to penetration testing)
  • Intermediate level understanding of Mobile Application Security concepts
  • Good understanding of exploitation research and mitigation (buffer and stack overflows/protection mechanisms)
  • Experience with scripting languages (Python/Perl) and associated usage within penetration test assessments
  • Experience with application layer assessment tools, such as local proxies and fuzzers
  • A strong understanding of web technologies, solutions and attack vectors that apply to application technologies
  • A preferred candidate would have experience of security source code review or development experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java
  • Ability to concisely communicate security risks to both technical and business audiences
  • Ability to conduct research and development, building tools for use by internal teams, as well as vulnerability research, would be a significant advantage to a candidate.
  • Knowledge of application reverse engineering techniques and procedures

Preferred Qualifications:

  • 5 to 7 years of application and infrastructure security assessment experience
  • GWAPT, GPEN, Offensive Security Advanced Web Attacks and Exploitation and/or Offensive Security Cracking the Perimeter (CTP) certifications
  • CREST CRT or CCT certifications desired but not essential.
  • Demonstrated understanding of financial sector, or other large organization, security and IT infrastructures

About J.P. Morgan Chase & Co:

J.P. Morgan serves one of the largest client franchises in the world. Our clients include corporations, institutional investors, hedge funds, governments and affluent individuals in more than 100 countries. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.1 trillion. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity. A component of the Dow Jones Industrial Average, JPMorgan Chase serves millions of clients and consumers under its JPMorgan, Chase, and WaMu brands.

J.P. Morgan offers an exceptional benefits program and a highly competitive compensation package. J.P. Morgan is an Equal Opportunity Employer.