LOG IN
SIGN UP
Canary Wharfian - Online Investment Banking & Finance Community.
Sign In
or continue with e-mail and password
Forgot password?
Don't have an account?
Create an account
or continue with e-mail and password
By signing up, you agree to our Terms & Conditions and Privacy Policy.

Senior Penetration Tester - Web & Hardware/IoT

ExperiencedNo visa sponsorship
J.P. Morgan logo

at J.P. Morgan

Bulge Bracket Investment Banks

Posted 13 days ago

No clicks

**Senior Penetration Tester - Web & Hardware/IoT**: Lead offensive security forbanking applications, platforms, and connected devices. Plan, execute, and report penetration tests targeting web apps, APIs, cloud, mobile, and (limited) banking hardware/IoT. Collaborate cross-functionally, stay updated with emerging threats, and improve testing methodologies. Requires 5+ years of hands-on experience, expertise in manual testing, and understanding of security standards. Strong organizational and communication skills needed. Preferred: FINICAL sector knowledge, relevant certifications (OSWE, CREST, OSCP). Multiple US locations available.

Compensation
Not specified

Currency: Not specified

City
Chicago, New York City, Atlanta, Brooklyn, Houston, Washington DC
Country
United States

Full Job Description

Location: Chicago, IL, United States

This position is also open in the following locations: New York, NY / Atlanta, FL / Plano, TX / Columbus, OH / McLean, VA / Wilmington, DE / Jersey City, NJ / Tampa, FL / Brooklyn, NY / Houston, TX / Washington, DC

Drive the security of critical banking applications, platforms, and connected devices through hands-on offensive testing.

As an Assessments & Exercises Vice President in the Cybersecurity and Technology Controls organization, you will play a key role in safeguarding the firms most vital assets. Your primary responsibility will be to plan, execute, and report on penetration tests targeting high-impact applications, platforms, services, and on a more limited basis banking hardware and IoT endpoints (e.g., ATMs, Point of Sale devices, and other connected devices). Leveraging industry-standard methodologies and advanced techniques, you will proactively identify vulnerabilities, collaborate with application owners to understand root causes, and guide effective remediation to strengthen the firms security posture.

We are seeking candidates with a passion for offensive security, deep technical expertise in penetration testing, and a commitment to continuous learning and excellence.

Job responsibilities

  • Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications (primary focus).
  • Perform security assessments of banking hardware and connected/IoT technologies (limited but expected), such as ATMs, Point of Sale (POS) devices, and other embedded endpoints.
  • Collect and validate pre-requisites for each engagement, ensuring all necessary access, documentation, and approvals are in place (including lab/onsite testing logistics and device access where applicable).
  • Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts.
  • Document and communicate findings through comprehensive reports that include technical details, risk assessments, and actionable remediation recommendations.
  • Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables.
  • Collaborate with development, infrastructure, security, and device/product engineering teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security.
  • Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups.
  • Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements.

Required qualifications, capabilities, and skills

  • 5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements.
  • Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile (Android/iOS) applications, including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.).
  • Working knowledge of testing approaches for connected devices/IoT and purpose-built banking devices (e.g., ATMs, POS), including common attack surfaces such as exposed services, remote administration paths, authentication/authorization, hardening gaps, and insecure configurations.
  • Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards.
  • Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable recommendations for remediation.
  • Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders.
  • Experience conducting peer reviews of penetration test reports and mentoring junior testers.
  • Continuous learner who keeps up with the latest offensive security trends, tools, and techniques.

Preferred qualifications, capabilities, and skills

  • Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks.
  • Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems.
  • Experience conducting security-focused source code reviews (e.g., Python, Java, Rust).
  • Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
  • Experience assessing embedded systems / IoT devices in lab or onsite environments (e.g., device interface review, firmware/configuration analysis, and network/service exposure testing) relevant to ATM/POS ecosystems.
  • Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP.

 

#CTC

Senior Penetration Tester - Web & Hardware/IoT

Compensation

Not specified

City: Chicago, New York City, Atlanta, Brooklyn, Houston, Washington DC

Country: United States

J.P. Morgan logo
Bulge Bracket Investment Banks

13 days ago

No clicks

at J.P. Morgan

ExperiencedNo visa sponsorship

**Senior Penetration Tester - Web & Hardware/IoT**: Lead offensive security forbanking applications, platforms, and connected devices. Plan, execute, and report penetration tests targeting web apps, APIs, cloud, mobile, and (limited) banking hardware/IoT. Collaborate cross-functionally, stay updated with emerging threats, and improve testing methodologies. Requires 5+ years of hands-on experience, expertise in manual testing, and understanding of security standards. Strong organizational and communication skills needed. Preferred: FINICAL sector knowledge, relevant certifications (OSWE, CREST, OSCP). Multiple US locations available.

Full Job Description

Location: Chicago, IL, United States

This position is also open in the following locations: New York, NY / Atlanta, FL / Plano, TX / Columbus, OH / McLean, VA / Wilmington, DE / Jersey City, NJ / Tampa, FL / Brooklyn, NY / Houston, TX / Washington, DC

Drive the security of critical banking applications, platforms, and connected devices through hands-on offensive testing.

As an Assessments & Exercises Vice President in the Cybersecurity and Technology Controls organization, you will play a key role in safeguarding the firms most vital assets. Your primary responsibility will be to plan, execute, and report on penetration tests targeting high-impact applications, platforms, services, and on a more limited basis banking hardware and IoT endpoints (e.g., ATMs, Point of Sale devices, and other connected devices). Leveraging industry-standard methodologies and advanced techniques, you will proactively identify vulnerabilities, collaborate with application owners to understand root causes, and guide effective remediation to strengthen the firms security posture.

We are seeking candidates with a passion for offensive security, deep technical expertise in penetration testing, and a commitment to continuous learning and excellence.

Job responsibilities

  • Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications (primary focus).
  • Perform security assessments of banking hardware and connected/IoT technologies (limited but expected), such as ATMs, Point of Sale (POS) devices, and other embedded endpoints.
  • Collect and validate pre-requisites for each engagement, ensuring all necessary access, documentation, and approvals are in place (including lab/onsite testing logistics and device access where applicable).
  • Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts.
  • Document and communicate findings through comprehensive reports that include technical details, risk assessments, and actionable remediation recommendations.
  • Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables.
  • Collaborate with development, infrastructure, security, and device/product engineering teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security.
  • Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups.
  • Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements.

Required qualifications, capabilities, and skills

  • 5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements.
  • Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile (Android/iOS) applications, including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.).
  • Working knowledge of testing approaches for connected devices/IoT and purpose-built banking devices (e.g., ATMs, POS), including common attack surfaces such as exposed services, remote administration paths, authentication/authorization, hardening gaps, and insecure configurations.
  • Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards.
  • Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable recommendations for remediation.
  • Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders.
  • Experience conducting peer reviews of penetration test reports and mentoring junior testers.
  • Continuous learner who keeps up with the latest offensive security trends, tools, and techniques.

Preferred qualifications, capabilities, and skills

  • Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks.
  • Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems.
  • Experience conducting security-focused source code reviews (e.g., Python, Java, Rust).
  • Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
  • Experience assessing embedded systems / IoT devices in lab or onsite environments (e.g., device interface review, firmware/configuration analysis, and network/service exposure testing) relevant to ATM/POS ecosystems.
  • Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP.

 

#CTC