Senior Penetration Tester (Infrastructure / Mobile / Web / Cloud)

Location: Greater London
Job Type: Full Time

The role is part of a global cyber security assessments team delivering ‘next generation’ application and infrastructure testing. The primary focus of this role is to perform hands-on penetration testing of some of the most critical applications within JPMC, as well as to conduct regular penetration tests of the associated infrastructure. In addition to hands-on assessments, a high level of internal client interaction is required in this role, and as such it would suit a technical individual with good client-facing skills and the ability to describe security issues based on risk and impact. This role will also require reviewing the output of third-party penetration testing vendors and the ability to conduct Quality Assurance on testing reports. Successful candidates will have good general knowledge of security concepts and significant experience and proven expertise in both web application and cloud/infrastructure assessments. The successful candidate will have a proven track record of delivery in application security and infrastructure-related penetration testing.


  • Penetration Testing across infrastructure, cloud, mobile and web projects.
  • Reporting on findings and vulnerabilities and occasionally presenting results to non-technical managers.
  • Reviewing and quality checking third-party penetration tests.

To be successful in this role, you should have:

  • Strong “quality focused” approach to service delivery.
  • 2+ years of experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client, beyond running automated tools
  • 2+ years of experience with penetration testing against internal and external facing corporate infrastructures and cloud
  • Technical focus on both application (Web, Mobile, “Fat” application assessments) and infrastructure testing
  • Understanding of security architecture both from a penetration testing and design point of view
  • Experience working with application developers to validate, assess, understand root cause and mitigate vulnerabilities
  • Experience documenting technical issues identified during security assessments and building improvements into the existing service support tools and “standard findings”
  • Ability to communicate security risks to both technical and business audiences

Technical Skills:

  • Good understanding of OWASP and other software security best practices
  • Strong technical ability in current web application testing methodologies
  • Strong technical ability in security-related architecture design and assessment (manual approach to penetration testing)
  • Strong understanding of Cloud technologies, solutions and attack vectors that apply to Cloud environments
  • Good understanding of Mobile Application Security concepts
  • Good understanding of exploitation research and mitigation (buffer and stack overflows/protection mechanisms)
  • Experience with scripting languages (Python/Perl) and associated usage within penetration test assessments
  • Experience with application layer assessment tools, such as local proxies and fuzzers
  • A strong understanding of web technologies, solutions and attack vectors that apply to application technologies
  • A preferred candidate would have experience of security source code review or development experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java
  • Ability to concisely communicate security risks to both technical and business audiences
  • Ability to conduct research and development; building tools for use by internal teams, as well as vulnerability research, would be a significant advantage to a candidate
  • Knowledge of application reverse engineering techniques and procedures

Preferred Qualifications:

  • 5+ years of application and infrastructure security assessment experience
  • GWAPT, GPEN, Offensive Security Advanced Web Attacks and Exploitation and/or Offensive Security Cracking the Perimeter (CTP) certifications
  • CREST CRT or CCT certifications desired but not essential
  • Demonstrated understanding of financial sector, or other large organization, security and IT infrastructures

JPMorgan Chase & Co. offers an exceptional benefits program and a highly competitive compensation package. JPMorgan Chase & Co. is an Equal Opportunity Employer and a member of the UK Government’s Disability Confident Scheme.