Penetration Tester
Company: JPMorganChase
Location: Houston
Posted on: April 3, 2026
|
|
|
Job Description:
Description This position is also open in the following
locations: Tampa, FL / Atlanta, FL / Plano, TX / Columbus, OH /
McLean, VA / Wilmington, DE Drive the security of critical banking
applications and platforms through hands-on offensive testing. As
an Assessments & Exercises Vice President in the Cybersecurity and
Technology Controls organization, you will play a key role in
safeguarding the firm’s most vital assets. Your primary
responsibility will be to plan, execute, and report on penetration
tests targeting high-impact applications, platforms, and services.
Leveraging industry-standard methodologies and advanced techniques,
you will proactively identify vulnerabilities, collaborate with
application owners to understand root causes, and guide effective
remediation to strengthen the firm’s security posture. We are
seeking candidates with a passion for offensive security, deep
technical expertise in penetration testing, and a commitment to
continuous learning and excellence. Job responsibilities Plan,
scope, and execute penetration testing engagements across a variety
of environments, including web applications, APIs, cloud platforms,
infrastructure, thick-client, and/or mobile applications. Collect
and validate pre-requisites for each engagement, ensuring all
necessary access, documentation, and approvals are in place.
Perform manual and automated testing to identify vulnerabilities,
misconfigurations, and security weaknesses, leveraging
industry-standard tools and custom scripts. Document and
communicate findings through comprehensive reports that include
technical details, risk assessments, and actionable remediation
recommendations. Conduct peer reviews of penetration test reports
to ensure accuracy, consistency, and quality of deliverables.
Collaborate with development, infrastructure, and security teams to
clarify findings, support remediation efforts, and provide subject
matter expertise on offensive security. Stay current with emerging
threats, vulnerabilities, and attack techniques by leveraging
threat intelligence, security research, and participation in
relevant industry groups. Contribute to the continuous improvement
of penetration testing methodologies, tools, and frameworks to
enhance effectiveness and alignment with firm strategy and
regulatory requirements. Required qualifications, capabilities, and
skills 5&43; years of hands-on penetration testing experience
in offensive security, with a proven track record of scoping,
executing, and reporting on complex engagements. Expertise in
manual penetration testing of web, API, cloud (AWS/Azure/GCP),
infrastructure, thick-client, and/or mobile applications
(android/iOS), including the use of industry-standard tools (e.g.,
Burp Suite, Nmap, Metasploit, etc.). Strong understanding of
security assessment methodologies such as OWASP Top Ten, NIST
Cybersecurity Framework, and other relevant standards. Ability to
identify and articulate systemic security issues related to
threats, vulnerabilities, and risks, and provide clear, actionable
recommendations for remediation. Exceptional organizational and
communication skills, including the ability to write detailed
technical reports and present findings to both technical and
non-technical stakeholders. Experience conducting peer reviews of
penetration test reports and mentoring junior testers. Continuous
learner who keeps up with the latest offensive security trends,
tools, and techniques. Preferred qualifications, capabilities, and
skills Knowledge of cybersecurity practices, operational risk
management, and incident response methodologies within the US
financial services sector, including relevant regulations, threats,
and risks. Proficiency in penetration testing and security concepts
for both Windows and Unix-like operating systems. Experience
conducting security-focused source code reviews (e.g., Python,
Java, Rust). Experience in reverse engineering thick-client and
mobile applications to identify vulnerabilities. Relevant
certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN,
GWAPT, GPEN, GMOB, or BSCP.
Keywords: JPMorganChase, Houston , Penetration Tester, IT / Software / Systems , Houston, Texas
