JPMorgan Chase & Co. (NYSE: JPM) is a leading global financial services firm with assets of $2.6 trillion and operations worldwide. The firm is a leader in investment banking, financial services for consumers and small business, commercial banking, financial transaction processing, and asset management. A component of the Dow Jones Industrial Average, JPMorgan Chase & Co. serves millions of consumers in the United States and many of the world’s most prominent corporate, institutional and government clients under its J.P. Morgan and Chase brands. Information about JPMorgan Chase & Co. is available at http://www.jpmorganchase.com/.
Cybersecurity’s purpose is to ensure the security and resiliency of the Firm’s computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm’s risk posture. The Cybersecurity team is composed of firmwide functions (IT Risk Management, Infrastructure Security Solutions, Identity & Access Management, and Application security) as well as business-aligned risk & resiliency management teams that affect the technology risk program.
The Cyber Security Red Team / Penetration Tester is tasked with identifying and containing advanced cyber security threats targeting the firm. The successful candidate will have a proven track record in conducting network exploitation operations, to include Cyber Red Team operations. Additionally, candidate will have proven experience with in-depth technical analysis of computer networks culminating in the identification of existing and potential vulnerabilities that if exploited would allow unauthorized access to JPMC systems.
- Overall 3+ years of Information Security experience with one of the following:
- At least 2 years’ experience performing network penetration testing
- At least 1 years’ experience performing application security assessments
- At least 2 years’ experience with Cyber Red Team operations
- At least 2 years’ experience performing network exploitation operations.
o U.S. Intelligence Community background highly preferred.
- Knowledge of networking fundamentals (all OSI layers)
- Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes
- Knowledge of software exploitation (web, client-server and mobile) on modern operation systems. Familiarization with XSS, SSJS, filter bypassing, etc.
- Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
- Bachelor’s Degree in Engineering, Business Management, or Technology related fields a major plus
- Knowledge of malware packing and obfuscation techniques
- Ability to automate tasks using a scripting language (Python, Perl, Ruby, etc).
- Strong knowledge of networking protocols and packet analysis
- Must have the ability to perform targeted penetration tests without use of automated tools
- Well versed in multiple security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP amongst others
- Demonstrated understanding of financial sector, or other large organization, security and IT infrastructures
- Ability to program in C, C++, C#, Objective C, Python, Java, PHP and/or ASM (x86)
- Able to work either independently or in a team
- The ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective.
- Able to articulate and visually present complex forensic investigation and analysis results.
- Able to work under pressure in time critical situations.
- Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.
- Detailed knowledge of current international best practices in privacy.
- Excellent written and verbal communication skills are required.
- Ability to communicate effectively with business representatives in explaining forensic findings clearly and where necessary, in layman’s terms.
JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.
Information Risk Management
US-OH-Columbus-1111 Polaris / 54101
Corporate Brand JPMorgan Chase & Co.