Senior Penetration Tester (Web/API/Thick-Clients) - Assessments & Exercises Vice President
Company: JPMorgan Chase & Co.
Location: Columbus
Posted on: April 2, 2026
|
|
|
Job Description:
Description Contribute to leading-edge security and resilience
efforts, advancing protective strategies and propelling continuous
improvement. As an Assessments & Exercises Vice President in the
Cybersecurity and Technology Controls line of business, you will
contribute significantly to enhancing the firm's cybersecurity or
resiliency posture by using industry-standard assessment
methodologies and techniques to proactively identify risks and
vulnerabilities in people, processes, and technology. Design and
deploy risk-driven tests and simulations (or manage a
highly-skilled team that does) and inform analysis to clearly
outline root-causes. In this role, you will evaluate preventative
controls, incident response processes, and detection capabilities,
and advise cross-functional teams on security strategy and risk
management. Job responsibilities Design and execute testing and
simulations – such as penetration tests, technical controls
assessments, cyber exercises, or resiliency simulations, and
contribute to the development and refinement of assessment
methodologies, tools, and frameworks to ensure alignment with the
firm’s strategy and compliance with regulatory requirements
Evaluate controls for effectiveness and impact on operational risk,
as well as opportunities to automate control evaluation Collaborate
closely with cross-functional teams to develop comprehensive
assessment reports – including detailed findings, risk assessments,
and remediation recommendations – making data-driven decisions that
encourage continuous improvement Utilize threat intelligence and
security research to stay informed about emerging threats,
vulnerabilities, industry best practices, and regulations. Apply
this knowledge to enhance the firm's assessment strategy and risk
management. Engage with peers and industry groups that share threat
intelligence analytics Required qualifications, capabilities, and
skills 5 years of experience in cybersecurity or resiliency, with
demonstrated exceptional organizational skills to plan, design, and
coordinate the development of offensive security testing,
assessments, or simulation exercises Significant experience
conducting manual penetration tests against a wide variety of
applications and technologies with a focus on web, API, and
thick-clients Proficiency in software development and debugging
Understanding of local data storage, encryption, and application
security Knowledge of US financial services sector cybersecurity or
resiliency organization practices, operations risk management
processes, principles, regulations, threats, risks, and incident
response methodologies Ability to identify systemic security or
resiliency issues as they relate to threats, vulnerabilities, or
risks, with a focus on recommendations for enhancements or
remediation, and proficiency in multiple security assessment
methodologies (e.g., Open Worldwide Application Security Project
(OWASP) Top Ten, National Institute of Standards and Technology
(NIST) Cybersecurity Framework), offensive testing tools, or
resiliency testing equivalents Excellent communication,
collaboration, and report writing skills, with the ability to
influence and engage stakeholders across various functions and
levels Preferred qualifications, capabilities, and skills
Proficiency in security concepts for both Windows and Unix-like
Operating Systems Experience in source code review and/or building
software with multiple programming languages (i.e. Python, Java,
Rust, etc.) Experience in reverse engineering standalone, thick
client and mobile applications Experience with hardware hacking
tools and techniques Ability to analyze binary firmware images and
reverse engineer code Certifications like OSWE, CREST (CRT, CCT),
OSCP, OSCE, GXPN, GWAPT, GPEN, BSCP This role is also open to
Atlanta GA | Chicago IL | Washington, DC | Houston TX | Jersey City
NJ | McLean VA | Plano TX | Tampa FL | Brooklyn, NY | Wilmington
DE.
Keywords: JPMorgan Chase & Co., Mansfield , Senior Penetration Tester (Web/API/Thick-Clients) - Assessments & Exercises Vice President, IT / Software / Systems , Columbus, Ohio
