Senior Penetration Tester - Hardware Focus

Senior Penetration Tester – Hardware Focus

Job Description
Join our dedicated team where your expertise in risk assessments and cybersecurity exercises propels our mission of safeguarding operations and enhancing resiliency. This role offers a unique opportunity to shape our security posture and contribute to continuous improvement in an environment that values innovation and teamwork.

• Collaborate with other Assessments & Exercises team members to conduct testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies to ensure alignment with industry standards and regulatory requirements.
• Partner with subject matter experts to evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation.
• Develop comprehensive assessment reports, including detailed findings, risk assessments, and remediation recommendations, and effectively communicate these insights to relevant stakeholders to support continuous improvement.
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations, applying this knowledge to enhance the firm's assessment strategy.

• 3+ years of experience in cybersecurity or resiliency, with a focus on offensive security testing, assessments, or simulation exercises.
• Experience conducting manual penetration tests against a wide variety of applications and technologies, including web, API, and mobile (Android & iOS) applications.
• Expertise in common cybersecurity threats and technology resiliency risks pertinent to the US financial services sector.
• Proficiency in at least two security assessment methodologies (e.g., OWASP Top Ten, NIST Cybersecurity Framework, offensive testing tools, or resiliency testing equivalents).
• Demonstrated collaboration, communication (written and verbal), and executive reporting skills, with the ability to work effectively with cross‑functional teams and convey complex cybersecurity concepts and recommendations to diverse stakeholders.

• Proficiency in security concepts for both Windows and Unix-like Operating Systems.
• Additional experience in testing thick clients, internal and external facing infrastructures, and cloud platforms (AWS, Azure, GCP).
• Experience in source code review and/or building software with multiple programming languages (e.g., Python, Java, Rust, etc.).
• Experience in reverse engineering thick clients and mobile applications.
• Certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, BSCP.

Our professionals in Corporate Functions cover a diverse range of areas from finance and risk to human resources and marketing. Our corporate teams are an essential part of our company, ensuring that we’re setting our businesses, clients, customers, and employees up for success.

JPMorgan Chase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers, small businesses, and many of the world’s most prominent corporate, institutional and government clients under the J.P. Morgan and Chase brands. We recognize that our people are our strength, and the diverse talents they bring to our global workforce are directly linked to our success.

We are an equal‑opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law.

Seniority Level: Not Applicable

Employment Type:

Full‑time
Job Function:
Information Technology

Location:

Columbus, OH | Salary: $120,000 – $140,000