Senior Penetration Tester (Web/API/Thick-Clients) - Vice President

Location: Ciudad Autónoma de Buenos Aires, Argentina

Job Family: Cybersecurity Operations

About the Role

At JP Morgan Chase, we are at the forefront of redefining the future of financial services through innovation and unwavering commitment to security. As a Senior Penetration Tester (Web/API/Thick-Clients) at the Vice President level, you will play a pivotal role in enhancing our cybersecurity posture by conducting advanced assessments of people, processes, and technology. Based in our Ciudad Autónoma de Buenos Aires office, you will join the Cybersecurity Operations team, focusing on identifying and mitigating vulnerabilities in critical web applications, APIs, and thick-client systems that underpin our global banking operations. This role demands a proactive approach to simulating real-world attacks on financial infrastructures, ensuring the integrity and confidentiality of client data in a highly regulated environment. Your responsibilities will include leading penetration testing engagements across diverse portfolios, from high-frequency trading platforms to customer-facing mobile APIs, while adhering to standards like PCI-DSS and SOX. You will collaborate with cross-functional teams to translate technical findings into strategic recommendations that fortify our defenses against sophisticated cyber threats. In this position, you will leverage your expertise to not only detect flaws but also contribute to the evolution of our security practices, mentoring team members and integrating cutting-edge methodologies to stay ahead of adversaries targeting the financial sector. We value professionals who thrive in dynamic, global settings and are passionate about safeguarding the world's leading financial institution. This role offers the opportunity to work on impactful projects that directly influence JP Morgan Chase's risk management and compliance frameworks, all while fostering professional growth in a supportive environment. If you are ready to apply your penetration testing acumen to protect billions in assets and drive innovation in cybersecurity, join us in Buenos Aires to make a lasting difference.

Key Responsibilities

• Conduct comprehensive penetration tests on web applications, APIs, and thick-client software to identify vulnerabilities and assess risks to JP Morgan Chase's financial infrastructure
• Develop and execute detailed testing methodologies, including reconnaissance, scanning, exploitation, and post-exploitation activities, tailored to the financial services sector
• Collaborate with development, operations, and compliance teams to remediate identified security issues and enhance the firm's cybersecurity posture
• Document findings in clear, actionable reports with risk ratings, exploitation proofs, and remediation recommendations for senior stakeholders
• Stay abreast of evolving cyber threats and regulatory requirements in the banking industry, integrating new techniques into testing protocols
• Mentor junior penetration testers and contribute to the continuous improvement of testing tools and processes within the Cybersecurity Operations team
• Participate in simulated attack exercises and contribute to incident response planning for critical financial systems
• Ensure all testing activities comply with internal policies, legal standards, and ethical guidelines, maintaining confidentiality of sensitive financial data
• Analyze and test security controls for emerging technologies like cloud-based APIs and mobile banking applications used by JP Morgan Chase clients

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
• Minimum of 5 years of experience in penetration testing, with a focus on web applications, APIs, and thick-client environments
• Proven track record of conducting security assessments in a financial services or regulated industry environment
• Relevant certifications such as OSCP, CEH, CISSP, or GIAC Penetration Tester
• Strong understanding of OWASP Top 10, CWE/SANS Top 25, and other industry-standard vulnerability frameworks
• Experience with compliance standards like PCI-DSS, SOX, and GDPR in financial contexts
• Ability to work in a fast-paced, global team environment with excellent communication skills

Preferred Qualifications

• Advanced degree in Cybersecurity or related field
• Experience in penetration testing for high-stakes financial systems, including trading platforms and payment gateways
• Familiarity with JP Morgan Chase's internal security tools and methodologies
• Prior experience in red teaming or adversarial simulations in a banking context
• Knowledge of emerging threats in fintech, such as blockchain and mobile banking security

Required Skills

• Proficiency in penetration testing tools such as Burp Suite, OWASP ZAP, Metasploit, and Nmap
• Expertise in scripting languages like Python, Bash, or PowerShell for automating security assessments
• Deep knowledge of web technologies including HTTP/HTTPS, RESTful APIs, SOAP, and JSON/XML parsing
• Experience with thick-client testing using tools like Immunity Debugger or WinDbg for desktop applications
• Strong understanding of network protocols (TCP/IP, SSL/TLS) and vulnerability exploitation techniques
• Familiarity with cloud security testing in AWS, Azure, or GCP environments relevant to financial cloud deployments
• Analytical problem-solving skills for identifying complex vulnerabilities in high-security financial systems
• Excellent report writing and presentation skills to communicate technical risks to non-technical executives
• Ability to work collaboratively in cross-functional teams within a global financial institution
• Knowledge of secure coding practices and application security in Java, .NET, or similar frameworks
• Experience with mobile app security testing for iOS and Android in banking contexts
• Soft skills in ethical hacking mindset and attention to detail under pressure
• Understanding of regulatory compliance and risk management in the financial sector
• Adaptability to evolving cybersecurity threats and technologies

Benefits

• Competitive base salary and performance-based annual bonuses aligned with financial services industry standards
• Comprehensive health, dental, and vision insurance coverage for employees and eligible dependents
• Retirement savings plan with generous company matching contributions
• Paid time off including vacation, sick leave, and parental leave policies
• Professional development opportunities, including tuition reimbursement and access to JP Morgan's internal training programs
• Employee wellness programs with gym memberships, mental health support, and financial wellness resources
• Global mobility support for career growth within JP Morgan Chase's international network
• Stock purchase plan and other equity-based incentives for long-term wealth building

JP Morgan Chase is an equal opportunity employer.