Apply Now    

Red Team Operator / Penetration Tester

Req #: 170115169
Location: London, ENG, UK
Job Category: Technology
Potential Referral Amount: 3500 Pound Sterling (GBP)
Red Team Operator / Penetration Tester (UK)
JPMC Cybersecurity's purpose is to ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
The Cyber Assessments team supports Cybersecurity’s vision and mission by conducting a variety of security assessments, including infrastructure and application penetration tests, social engineering tests and threat intelligence-led adversary simulations of various sophistication levels.  
JPMC Cyber Assessments are looking to expand its Red Team with an experienced Red Team Operator / Penetration Tester in London, UK. Primary focus of this role will be to perform hands on offensive activities as part of red team engagements against critical JPMC assets. The successful candidate will have a proven track record in conducting network exploitation operations and application penetration tests. Additionally, the candidate will be able to demonstrate in-depth knowledge and experience around computer networking fundamentals, modern threats and vulnerabilities, attack methodologies and penetration testing tools.
To be successful in this role, the candidate should have expertise and strong experience in at least two of the following areas:
  • Network penetration testing
  • Application (web, mobile, etc.) penetration testing
  • Social engineering (e-mail phishing, phone, physical, etc.)
  • Red Team operations
Required qualifications:
  • Strong understanding of networking fundamentals (all OSI layers, protocols, etc.)
  • Strong understanding of Windows/Linux/Unix operating systems
  • Strong understanding of operating system and software vulnerabilities and exploitation techniques
  • Strong understanding of web application vulnerabilities and exploitation techniques, covering the OWASP Top 10 as a minimum
  • Strong knowledge of and experience with commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.)
  • Ability to deliver high quality reporting on technical issues identified and providing remediation guidelines
  • Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
Preferred qualifications:
  • Bachelor's Degree in Engineering or Technology related fields a major plus
  • SANS (GPEN, GXPN, GWAPT), Offensive Security (OSCP, OSCE), CREST/Tiger Scheme Certified Tester certifications strongly desired.
  • Knowledge of malware packing, obfuscation, persistence, exfiltration techniques
  • Knowledge and experience in using interpreted languages (Ruby, Python, Perl, etc.) and/or compiled languages (C, C++, C#, Java, etc.)
  • Experience in developing in house tools / scripts to improve delivery and facilitate testing operations
  • Ability to perform targeted, covert  penetration tests with vulnerability identification, exploitation and post-exploitation activities with no or minimal use of automated tools
  • Well versed in security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP amongst others
  • Knowledge of application reverse engineering techniques and procedures
  • Understanding of financial sector, or other large organization, security and IT infrastructures
Other skills:
  • Excellent written and verbal communication skills
  • Ability to articulate and visually present complex penetration testing and red team results
  • Ability to work effectively independently and in a team
  • Ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective
  • Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.
Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Things to note

Sign in to our application system to continue your job search or update your profile.

Current employees sign in here. Contractors sign in here.

Any information you provide is confidential and will only be viewed by our recruiters in an effort to fill open positions. In addition, the information you provide is subject to our privacy policy practices.

Please note that J.P. Morgan will not accept unsolicited approaches or speculative CVs, nor will J.P. Morgan be responsible for any related fees, from Third Party Firms who are not preferred suppliers.

The firm invites all interested and qualified candidates to apply for employment opportunities.

Need disability related assistance?

If you are a US or Canadian applicant with a disability who is unable to use our online tools to search and apply for jobs, please click here.

Important links

Click here to view the "EEO is the Law" poster.

Click here to view the "EEO is the Law" supplemental poster.

Click here to view our U.S. Pay Transparency Policy.

JPMorgan Chase is an equal opportunity and affirmative action employer Disability/Veteran.