Senior Penetration Tester

Location: Plano, TX, United States

Job Family: Cybersecurity Operations

About the Role

At JP Morgan Chase, we are at the forefront of financial services innovation, and our Cybersecurity Operations team plays a pivotal role in safeguarding our global operations against evolving cyber threats. As a Senior Penetration Tester in our Plano, TX location, you will lead advanced assessments to enhance the firm's cybersecurity posture. This role involves simulating sophisticated attacks on our people, processes, and technology stack, including core banking systems, trading platforms, and cloud-based financial applications. You will work within a collaborative environment to identify vulnerabilities that could impact our clients' assets and ensure compliance with stringent regulations like PCI-DSS and SOX, ultimately contributing to the trust and security that define JP Morgan Chase's reputation in the industry. Your day-to-day responsibilities will include designing and executing penetration tests across diverse environments, from on-premises networks to hybrid cloud infrastructures. Leveraging your expertise, you will uncover weaknesses through methods such as ethical hacking, social engineering simulations, and automated vulnerability scanning, then translate findings into clear, prioritized remediation strategies. Collaboration is key; you will partner with developers, risk managers, and executive leadership to implement robust defenses, while mentoring team members to build a culture of proactive security. In the fast-paced world of financial services, your work will directly mitigate risks from threats like data breaches and ransomware, protecting billions in transactions daily. We seek a seasoned professional passionate about cybersecurity in finance, with a track record of delivering impactful results in high-stakes settings. This position offers the opportunity to grow within one of the world's leading financial institutions, where your contributions will shape our resilience against global cyber challenges. Join JP Morgan Chase in Plano, TX, and be part of a team dedicated to innovation, integrity, and unparalleled client protection.

Key Responsibilities

• Conduct comprehensive penetration testing assessments on JP Morgan Chase's people, processes, and technology to identify vulnerabilities in banking systems and applications
• Simulate advanced cyber threats, including social engineering attacks and red team exercises, to evaluate the firm's defenses against real-world financial sector risks
• Develop and execute detailed test plans for web applications, mobile platforms, networks, and cloud environments used in global financial operations
• Analyze test results to produce actionable reports with remediation recommendations, ensuring alignment with regulatory standards like PCI-DSS and GDPR
• Collaborate with cross-functional teams, including IT security, application developers, and compliance officers, to enhance the overall cybersecurity posture
• Stay abreast of emerging threats in the financial services industry and integrate new testing techniques to protect against sophisticated attacks like ransomware and APTs
• Mentor junior penetration testers and contribute to the development of internal training programs on ethical hacking best practices
• Participate in incident response simulations and post-incident reviews to strengthen JP Morgan Chase's resilience in cyber defense
• Ensure all testing activities comply with legal and ethical guidelines, maintaining confidentiality of sensitive financial data
• Leverage automation tools and scripting to streamline penetration testing processes and improve efficiency in large-scale assessments

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Minimum of 5 years of experience in penetration testing, ethical hacking, or vulnerability assessment within a financial services or regulated industry
• Professional certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Penetration Tester (GPEN)
• In-depth knowledge of cybersecurity frameworks like NIST, ISO 27001, and PCI-DSS relevant to banking and financial operations
• Proven experience conducting penetration tests on complex enterprise environments, including cloud infrastructures (AWS, Azure) and on-premises systems
• Strong understanding of regulatory compliance requirements for financial institutions, including SOX, GLBA, and FFIEC guidelines
• Ability to obtain and maintain necessary security clearances or background checks required for handling sensitive financial data

Preferred Qualifications

• Advanced degree (Master's) in Cybersecurity or a related discipline
• Experience in penetration testing for high-stakes financial applications, such as trading platforms or payment systems
• Familiarity with JP Morgan Chase's internal security tools and methodologies
• Prior work in a Big Four consulting firm or similar role at a major financial institution
• Contributions to open-source security projects or publications in cybersecurity journals

Required Skills

• Expertise in penetration testing methodologies (e.g., OWASP, PTES)
• Proficiency in tools like Metasploit, Burp Suite, Nmap, and Wireshark
• Strong scripting and programming skills in Python, Bash, or PowerShell
• Knowledge of web application vulnerabilities (e.g., SQL injection, XSS, CSRF)
• Experience with cloud security testing in AWS, Azure, or GCP environments
• Understanding of network protocols and security (TCP/IP, SSL/TLS, firewalls)
• Familiarity with financial industry-specific threats like insider threats and fraud detection
• Analytical problem-solving and critical thinking for complex security scenarios
• Excellent written and verbal communication for reporting findings to non-technical stakeholders
• Attention to detail and ethical mindset in handling confidential information
• Team collaboration and leadership in cybersecurity projects
• Adaptability to evolving threats in the dynamic financial services landscape
• Project management skills for planning and executing penetration tests
• Knowledge of compliance standards (NIST, PCI-DSS, SOX) in banking
• Ability to perform under pressure during high-impact security assessments

Benefits

• Competitive base salary and performance-based annual bonuses tied to firm and individual contributions
• Comprehensive health, dental, and vision insurance plans with employer contributions
• 401(k) retirement savings plan with generous company matching up to 6% of eligible compensation
• Paid time off including vacation, sick days, and parental leave policies
• Professional development opportunities, including tuition reimbursement for certifications and advanced degrees
• Employee stock purchase plan and access to JP Morgan Chase's wealth management resources
• Wellness programs with gym memberships, mental health support, and onsite fitness facilities in Plano, TX
• Relocation assistance for eligible candidates moving to the Plano area

JP Morgan Chase is an equal opportunity employer.