Expires soon J.P. Morgan

Red Team Operator / Penetration Tester

  • United Kingdom
  • Design / Civil engineering / Industrial engineering

Job description

JPMC Cybersecurity's purpose is to ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.

The Cyber Assessments team supports Cybersecurity's vision and mission by conducting a variety of security assessments, including infrastructure and application penetration tests, social engineering tests and threat intelligence-led adversary simulations of various sophistication levels.

JPMC Cyber Assessments are looking to expand its Red Team with an experienced Red Team Operator / Penetration Tester in London, UK. Primary focus of this role will be to perform hands on offensive activities as part of red team engagements against critical JPMC assets. The successful candidate will have a proven track record in conducting network exploitation operations and application penetration tests. Additionally, the candidate will be able to demonstrate in-depth knowledge and experience around computer networking fundamentals, modern threats and vulnerabilities, attack methodologies and penetration testing tools.

To be successful in this role, the candidate should have expertise and strong experience in at least two of the following areas:

- Network penetration testing

- Application (web, mobile, etc.) penetration testing

- Social engineering (e-mail phishing, phone, physical, etc.)

- Red Team operations

Desired profile

Required qualifications:

- Strong understanding of networking fundamentals (all OSI layers, protocols, etc.)

- Strong understanding of Windows/Linux/Unix operating systems

- Strong understanding of operating system and software vulnerabilities and exploitation techniques

- Strong understanding of web application vulnerabilities and exploitation techniques, covering the OWASP Top 10 as a minimum

- Strong knowledge of and experience with commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.)

- Ability to deliver high quality reporting on technical issues identified and providing remediation guidelines

- Familiarity with interpreting log output from networking devices, operating systems and infrastructure services

Preferred qualifications:

- Bachelor's Degree in Engineering or Technology related fields a major plus

- SANS (GPEN, GXPN, GWAPT), Offensive Security (OSCP, OSCE), CREST/Tiger Scheme Certified Tester certifications or equivalent strongly desired.

- Knowledge of malware packing, obfuscation, persistence, exfiltration techniques

- Knowledge and experience in using interpreted languages (Ruby, Python, Perl, etc.) and/or compiled languages (C, C++, C#, Java, etc.)

- Experience in developing in house tools / scripts to improve delivery and facilitate testing operations

- Ability to perform targeted, covert penetration tests with vulnerability identification, exploitation and post-exploitation activities with no or minimal use of automated tools

- Well versed in security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP amongst others

- Knowledge of application reverse engineering techniques and procedures

- Understanding of financial sector, or other large organization, security and IT infrastructures

Other skills:

- Excellent written and verbal communication skills

- Ability to articulate and visually present complex penetration testing and red team results

- Ability to work effectively independently and in a team

- Ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective

- Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.



About JPMorgan Chase & Co.

J.P. Morgan serves one of the largest client franchises in the world. Our clients include corporations, institutional investors, hedge funds, governments and affluent individuals in more than 100 countries. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.2 trillion. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity. A component of the Dow Jones Industrial Average, JPMorgan Chase serves millions of clients and consumers under its J.P. Morgan and Chase, and WaMu brands.

J.P. Morgan offers an exceptional benefits program and a highly competitive compensation package.

J.P. Morgan is an Equal Opportunity Employer.

Make every future a success.
  • Job directory
  • Business directory