Senior Penetration Tester, Web & Hardware/IoT

JPMorgan Chase

Quick summary

Work type: On-site
Location: Chicago, ILJersey City, NJNew York, NYBrooklyn, NYColumbus, OHAtlanta, GAPlano, TXWashington, DCWilmington, DETampa, FLHouston, TX
Salary: $133,000–$225,000 / yr
Posted: 1 day ago
Nearby: 99+ roles within 25 mi

Market check

Salary context

Competitive pay

How this pay compares to similar roles

Similar $179k

This role $179k

$122k most similar roles pay here $236k

This role pays more than 53% of similar roles. Most pay $149,350–$208,450 — the shaded band above. At the midpoint, this role pays about $179k versus about $179k for comparable roles.

Based on 240 similar postings.

Employer

About JPMorgan Chase

JPMorgan Chase & Co. is a global financial services firm and one of the largest banks in the world, offering investment banking, commercial banking, asset management, and consumer financial services.

JPMorgan Chase currently has 436 open roles on FindRole.

Listed pay typically runs $152,000–$215,000 across 230 roles with salary data.

Most-posted roles

View all roles at JPMorgan Chase

At a glance

TL;DR · Senior Penetration Tester, Web & Hardware/IoT

Role Posting Log in to save

As a Senior Penetration Tester at JPMorgan Chase in Chicago or other listed locations, you will join the Cybersecurity and Technology Controls team to safeguard critical banking applications, platforms, and connected devices. Your role involves planning, executing, and reporting on penetration tests across various environments including web applications, APIs, cloud platforms, infrastructure, thick-client, and mobile applications, with a limited focus on hardware and IoT endpoints like ATMs and POS systems. You will use industry-standard tools such as Burp Suite, Nmap, and Metasploit to identify vulnerabilities, collaborate with development teams for remediation, and contribute to the continuous improvement of testing methodologies. The ideal candidate has over five years of hands-on experience in offensive security, expertise in web and mobile application testing, and knowledge of cybersecurity practices within the US financial services sector.

Skills

AWS Azure GCP Burp Suite Nmap Metasploit OWASP Top Ten NIST Cybersecurity Framework Python Java Rust CI/CD IoT ATMs POS devices Unix-like OS Windows OS Embedded systems Firmware analysis Network testing Reverse engineering

What you'll do

Plan, scope, and execute penetration testing engagements across various environments.
Perform security assessments of banking hardware and IoT devices like ATMs and POS systems.
Identify vulnerabilities through manual and automated testing using industry-standard tools.
Document findings in comprehensive reports with technical details and remediation recommendations.
Collaborate with engineering teams to clarify test results and support remediation efforts.

What we're looking for

5+ years of hands-on penetration testing experience in offensive security.
Expertise in manual testing of web, API, cloud, infrastructure, thick-client, and mobile applications.
Working knowledge of testing approaches for connected devices/IoT and banking hardware.
Strong understanding of security assessment methodologies like OWASP Top Ten and NIST Cybersecurity Framework.
Ability to identify systemic security issues and provide actionable remediation recommendations.
Continuous learner with up-to-date knowledge of offensive security trends, tools, and techniques.
Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, or similar.

Senior Cyber Software Engineer

Lockheed Martin

Offutt AFB, NE 3 days ago

Java Typescript CI/CD DAST SAST OIDC OAuth SSO RBAC RMF STIG Agile Python PostgreSQL

Save