Web Application Security Tester / Penetration Tester - Associate
UNITED KINGDOM Design / Civil engineering / Industrial engineering
Job description
Web Application Security Tester / Penetration Tester (Associate) – 160042695
JPMC are looking to hire a Web Application Security Tester. The role is part of a global cyber security assessments team delivering "next generation" web application testing. The primary focus of this role is to perform hands-on penetration testing of some of the most critical applications at JPMC.
In addition to hands-on assessments, some client interaction is required in this role, and as such it would suit a technical individual with some "client-facing" experience. This role will also require reviewing the output of third-party penetration testing vendors and the ability to conduct Quality Assurance on testing reports. Successful candidates will have good general knowledge of security concepts and experience in web application assessments. The successful candidate will have a proven track record of delivery in application security and penetration testing.
Responsibilities:
· Advanced web and application penetration testing, including:
· Full application security assessments focusing on advanced application testing to identify critical vulnerabilities across the web application stack
· Controlled exploitation of vulnerabilities to demonstrate full impact and risk of security findings
· Performing testing in both production and non-production environments, adhering to rules of engagement for production testing
· Strong affinity for security research and development (exploits and tools)
· Use of common scanning tools as well as developing in-house tools to improve delivery where necessary
· Delivering high-quality, developer-friendly reporting on (and providing fixes for) identified vulnerabilities at the code level
· Documenting technical issues identified during security assessments
· Providing SDLC consultancy related to web application vulnerabilities
· Clearly and effectively communicating with clients and stakeholders
· Project Management
Desired profile
Qualifications
Technical Skills:
· Understanding of OWASP and other software security best practices
· Understanding of Mobile Application Security concepts
· Knowledge of application reverse engineering techniques and procedures
· Experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client, above and beyond running automated tools
· Experience with application layer assessment tools, such as local proxies and fuzzers
· Experience with threat modeling and security design review methodologies
· A strong understanding of Unix, Windows and network security
· Ability to work independently
· Ability to work as part of a distributed team
· Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences
Management and Organization Skills:
· Excellent verbal and written communication skills
· Strong organizational skills
· Proven ability to build relationships with clients and stakeholders
· Solid understanding of enterprise risk management concepts
· Highly responsive with an ability to handle escalations quickly and professionally
· Ability to implement strategies
· Experience with vendor management
Preferred Qualifications
· Bachelor's Degree in Engineering, Business Management, or Technology-related fields is a major plus
· Formal Penetration Testing Certifications would be welcome
· Must have the ability to perform targeted application penetration tests without the use of automated tools
· Demonstrated understanding of financial sector, or other large organization, security and IT infrastructures
About JPMorgan Chase & Co.
J.P. Morgan serves one of the largest client franchises in the world. Our clients include corporations, institutional investors, hedge funds, governments and affluent individuals in more than 100 countries. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.2 trillion. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity. A component of the Dow Jones Industrial Average, JPMorgan Chase serves millions of clients and consumers under its J.P. Morgan, Chase, and WaMu brands.
J.P. Morgan offers an exceptional benefits program and a highly competitive compensation package.
J.P. Morgan is an Equal Opportunity Employer.
Closing date: 24th October 2016