CAIA's Career Center is an easy-to-use, comprehensive resource connecting job seekers with employers in the growing AI field. Use your knowledge and credibility to advance your career or build a talented team for your organization. Opportunities targeted to CAIA Charterholders are prioritized.
In order to search for jobs specifically for CAIA Charterholders or those pursuing the CAIA Charter please enter “CAIA” in the search panel.
This will enable you to search for CAIA specific roles globally.
The Cybersecurity organization's objective is to ensure that JPMC is able to effectively detect, prevent, and respond to cyber threats against our technology infrastructure. The scope of Cybersecurity comprises detection and monitoring of threats and vulnerabilities, managing security incidents, and evolving our preventive infrastructure to keep ahead of the threat. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
The role is part of a global cyber security assessments team delivering 'next generation' application and infrastructure testing. Primary focus of this role would be to perform hands on penetration testing of some of the most critical applications with JPMC, as well as conduct regular penetration tests of the associated infrastructure. In addition to hands on assessments, a high level of internal client interaction is required in this role and as such it would suite a technical individual with good " client facing" skills and the ability to describe security issues based on risk and impact. This role will also require reviewing the output of third-party penetration testing vendors and the ability to conduct Quality Assurance on testing reports. Successful candidates will have good general knowledge of security concepts and significant experience and proven expertise in both web application and infrastructure assessments. The successful candidate will have a proven track record in delivery in application security and infrastructure related penetration testing.
To be successful in this role, you should have:
Strong "quality focused" approach to service delivery.
2+ years of experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client beyond running automated tools
2+ years of experience with penetration testing against internal and external facing corporate infrastructures
Technical focus on both application (Web, Mobile "Fat" application assessments) and infrastructure testing
Understanding of Security architecture both from a penetration testing and design point of view
Experience working with application developers to validate, assess, understand root cause and mitigate vulnerabilities
Experience documenting technical issues identified during security assessments and building improvements in to the existing service support tools and "standard findings"
Ability to communicate security risks to both technical and business audiences
Good understanding of OWASP and other software security best practices
Strong technical ability in current web application testing methodologies
Strong technical ability in security related architecture design and assessment (manual approach to penetration testing)
Good understanding of Security concepts for both Windows and Unix related operating Systems
Good understanding of current "high impact" and "well known" application and infrastructure vulnerabilities
Intermediate level understanding of Mobile Application Security concepts
Good understanding of exploitation research and mitigation (buffer and stack overflows/protection mechanisms)
Experience with scripting languages (Python/Perl) and associated usage within penetration test assessments
Experience with application layer assessment tools, such as local proxies and fuzzers
Experience with usage and deployment of infrastructure assessment tools (commercial and open source scanners)
A strong understanding of web technologies, solutions and attack vectors that apply to application technologies
Knowledge of security design review methodologies
A preferred candidate would have experience of Security source code review or development experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java
Ability to concisely communicate security risks to both technical and business audience
Ability to conduct research and develop, building tools for use by internal teams as well as vulnerability research would be a significant advantage to a candidate.
Knowledge of application reverse engineering techniques and procedures
Management and Organization Skills:
Excellent verbal and written communication skills
Strong organizational skills
Proven ability to build relationships with clients and stakeholder
Solid understanding of enterprise risk management concepts
Highly responsive with an ability to handle escalations quickly and professionally
Ability to create, communicate and implement strategies
Ability to work as part of a distributed team environment
Masters Degree in Engineering, Business Management, or Technology related fields a major plus
5 to 7 years of application and infrastructure security assessment experience
GWAPT, GPEN, Offensive security Advanced Web Attacks and Exploitation and/or Offensive security Cracking the Perimeter (CTP) certifications
Demonstrated understanding of financial sector, or other large organization, security and IT infrastructures
About J.P. Morgan Chase & Co:
J.P. Morgan serves one of the largest client franchises in the world. Our clients include corporations, institutional investors, hedge funds, governments and affluent individuals in more than 100 countries. J.P. Morgan is part of JPMorgan Chase & Co. (NYSE: JPM), a leading global financial services firm with assets of $2.1 trillion. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity. A component of the Dow Jones Industrial Average, JPMorgan Chase serves millions of clients and consumers under its JPMorgan and Chase, and WaMu brands.
J.P. Morgan offers an exceptional benefits program and a highly competitive compensation package. J.P. Morgan is an Equal Opportunity Employer