Senior Penetration Tester

Location: LONDON, United Kingdom

Job Family: Cybersecurity Operations

About the Role

At JP Morgan Chase, we are at the forefront of redefining the future of financial services through innovation and robust cybersecurity. As a Senior Penetration Tester in our Cybersecurity Operations team based in London, you will play a pivotal role in safeguarding our global banking operations against evolving cyber threats. Your primary focus will be to conduct advanced assessments of our people, processes, and technology, simulating real-world attacks to uncover vulnerabilities before they can be exploited. This position demands a deep understanding of the financial industry's unique risks, including those posed to trading systems, customer data platforms, and regulatory compliance frameworks. You will collaborate with elite teams across our Corporate & Investment Bank to ensure our defenses remain impenetrable, contributing directly to the trust millions of clients place in JP Morgan Chase. In this role, you will lead comprehensive penetration testing initiatives, from scoping engagements to delivering detailed remediation strategies. Leveraging your expertise in ethical hacking, you will test web applications, networks, and cloud infrastructures critical to our financial services ecosystem, while adhering to strict standards like PCI-DSS and GDPR. Beyond technical execution, you will engage in social engineering exercises to evaluate employee awareness and process robustness, providing insights that strengthen our overall security posture. Your work will involve staying ahead of industry-specific threats, such as ransomware targeting financial institutions or advanced persistent threats from nation-state actors, and integrating cutting-edge tools and methodologies into our testing arsenal. Joining JP Morgan Chase means becoming part of a world-class organization committed to your professional growth and work-life balance. We offer unparalleled opportunities to advance your career in cybersecurity while working on projects that impact global finance. With our London hub at the heart of Europe's financial district, you will thrive in a dynamic, inclusive environment that values innovation and integrity. If you are passionate about protecting the integrity of financial systems and ready to tackle complex challenges, this Senior Penetration Tester role is your chance to make a lasting impact at one of the world's leading banks.

Key Responsibilities

• Conduct advanced penetration testing on JP Morgan Chase's internal systems, applications, and networks to identify vulnerabilities
• Perform social engineering assessments to evaluate the human element of cybersecurity within the firm's global operations
• Develop and execute comprehensive test plans for people, processes, and technology, ensuring alignment with financial industry standards
• Analyze and report on findings from penetration tests, providing actionable recommendations to enhance the firm's cybersecurity posture
• Collaborate with cross-functional teams, including IT, compliance, and risk management, to remediate identified security issues
• Stay abreast of evolving cyber threats in the financial services landscape and integrate new testing methodologies
• Mentor junior penetration testers and contribute to the firm's cybersecurity training programs
• Ensure all testing activities comply with JP Morgan Chase's internal policies and external regulations like those from the FCA and SEC
• Participate in incident response simulations and contribute to post-incident reviews for continuous improvement

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Minimum of 5 years of experience in penetration testing, ethical hacking, or cybersecurity assessments within the financial services sector
• Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Penetration Tester (GPEN)
• Proven track record of conducting vulnerability assessments and penetration tests in complex, regulated environments like banking and finance
• Strong understanding of regulatory frameworks such as GDPR, PCI-DSS, and SOX compliance requirements for financial institutions
• Experience with secure coding practices and threat modeling in enterprise-level applications

Preferred Qualifications

• Advanced degree (Master's or PhD) in Cybersecurity or a related discipline
• Experience working in a Big Four consulting firm or major financial institution like JP Morgan Chase
• Familiarity with cloud security testing in AWS, Azure, or Google Cloud environments used by financial services
• Knowledge of emerging threats in fintech, including blockchain and digital asset security
• Prior involvement in red team exercises or simulated cyber attack scenarios for financial firms

Required Skills

• Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Wireshark
• Expertise in scripting languages like Python, Bash, or PowerShell for automating security tests
• Deep knowledge of web application vulnerabilities (OWASP Top 10) and secure network protocols
• Experience with vulnerability scanning tools including Nessus, OpenVAS, and Qualys
• Strong analytical and problem-solving skills for dissecting complex financial systems
• Excellent communication skills for presenting technical findings to non-technical stakeholders
• Familiarity with financial services-specific threats like insider threats and DDoS attacks on trading platforms
• Ability to work collaboratively in agile teams within a high-stakes banking environment
• Attention to detail and ethical mindset in handling sensitive financial data
• Adaptability to fast-paced, regulated settings with tight deadlines
• Knowledge of API security testing and mobile app penetration techniques
• Understanding of encryption standards (e.g., TLS, AES) used in secure financial transactions
• Project management skills for leading penetration testing engagements
• Interpersonal skills for conducting social engineering simulations sensitively

Benefits

• Competitive base salary and performance-based annual bonuses aligned with financial services industry standards
• Comprehensive health, dental, and vision insurance coverage for employees and dependents
• Generous retirement savings plan with company matching contributions up to 6% of salary
• Paid time off including 25+ vacation days, parental leave, and flexible working arrangements
• Professional development support, including tuition reimbursement for cybersecurity certifications and training
• Employee stock purchase plan and access to JP Morgan Chase's global wellness programs
• Relocation assistance for international moves to London, including visa support for eligible candidates
• On-site fitness centers, mental health resources, and subsidized public transport passes in London

JP Morgan Chase is an equal opportunity employer.