SeniorPenetrationTester(Perimeter)-Assessments&ExercisesVicePresident

Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.

As an Assessments & Exercises Vice President in the Cybersecurity and Technology Controls line of business, you will contribute significantly to enhancing our firm's cybersecurity or resiliency posture. You will use industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. You will design and deploy risk-promoting tests and simulations, and inform analysis to clearly outline root causes. In this role, you will evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.

Your primary responsibility will be performing hands-on penetration testing of some of our most critical applications, platforms, and the perimeter. You will work with application developers to understand root causes, mitigate vulnerabilities, and identify early detection points in the SDLC. We seek a candidate eager to learn, committed to excellence, with excellent technical knowledge of security concepts and proven penetration testing expertise.

• Design and execute testing and simulations such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations. Contribute to developing assessment methodologies, tools, and frameworks aligned with the firm's strategy and regulatory requirements.
• Evaluate controls for effectiveness and impact on operational risk, and explore opportunities to automate control evaluation.
• Collaborate with cross-functional teams to develop comprehensive assessment reports, including detailed findings, risk assessments, and remediation recommendations, to support continuous improvement.
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance assessment strategies and risk management, engaging with industry peers and threat intelligence groups.

• 5+ years of experience in cybersecurity or resiliency, with strong organizational skills to plan, design, and coordinate offensive security testing, assessments, or simulations.
• Significant experience conducting manual penetration tests across various applications and technologies, including web, mobile, thick clients, infrastructure, and cloud, focusing on reducing the perimeter attack surface.
• Knowledge of US financial sector cybersecurity practices, operations risk management, regulations, threats, and incident response methodologies.
• Ability to identify systemic security issues related to threats, vulnerabilities, or risks, with recommendations for improvements. Proficiency in assessment methodologies (e.g., OWASP Top Ten, NIST Cybersecurity Framework), testing tools, or resiliency testing.
• Excellent communication, collaboration, and report writing skills, with the ability to influence stakeholders across functions and levels.

• Proficiency in security concepts for Windows and Unix-like OS.
• Experience in source code review and/or software development using multiple languages (e.g., Python, Java, Rust).
• Experience reverse engineering standalone, thick client, and mobile applications.
• Certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, BSCP.

This role is open in multiple locations including Atlanta, Brooklyn, Chicago, Columbus, Houston, McLean, Plano, Tampa, Washington DC, Wilmington.

JPMorgan Chase, a historic financial institution, offers innovative solutions to a broad client base. Our history spans over 200 years, and we are a leader in various financial sectors. We provide a comprehensive rewards package, including salary, incentives, benefits such as health care, retirement plans, wellness centers, tuition reimbursement, and more. We are committed to diversity and inclusion, and we provide accommodations for applicants and employees with disabilities or religious practices.