Senior Penetration Tester jobs in United States
cer-icon
Apply on Employer Site
company-logo

JPMorganChase · 2 days ago

Senior Penetration Tester

positionWashington, DC
timeFull-time
remoteOnsite
senioritySenior Level
money$152K/yr - $260K/yr
date5+ years exp

JPMorganChase, one of the oldest financial institutions, offers innovative financial solutions to millions of consumers and businesses. As a Senior Penetration Tester, you will drive the security of critical banking applications through hands-on offensive testing, planning and executing penetration tests while identifying vulnerabilities and guiding remediation efforts.

Asset ManagementBankingFinancial Services
check
Growth Opportunities
check
H1B Sponsor Likelynote

Responsibilities

Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications
Collect and validate pre-requisites for each engagement, ensuring all necessary access, documentation, and approvals are in place
Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts
Document and communicate findings through comprehensive reports that include technical details, risk assessments, and actionable remediation recommendations
Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables
Collaborate with development, infrastructure, and security teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security
Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups
Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements

Qualification

Penetration testingManual testingSecurity assessment methodologiesVulnerability identificationCloud platforms (AWS/Azure/GCP)Industry-standard toolsTechnical report writingMentoring junior testersCybersecurity practicesIncident response methodologiesSource code reviewsReverse engineeringRelevant certificationsCommunication skillsOrganizational skillsContinuous learning

Required

5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements
Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile applications (android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.)
Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards
Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable recommendations for remediation
Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders
Experience conducting peer reviews of penetration test reports and mentoring junior testers
Continuous learner who keeps up with the latest offensive security trends, tools, and techniques

Preferred

Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks
Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems
Experience conducting security-focused source code reviews (e.g., Python, Java, Rust)
Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities
Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP

Benefits

Comprehensive health care coverage
On-site health and wellness centers
A retirement savings plan
Backup childcare
Tuition reimbursement
Mental health support
Financial coaching

Company

JPMorganChase

twittertwittertwitter
Glassdoor4.0
company-logo
With a history tracing its roots to 1799 in New York City, JPMorganChase is one of the world's oldest, largest, and best-known financial institutions—carrying forth the innovative spirit of our heritage firms in global operations across 100 markets.
dateFounded in 2000
location
New York, New York, USA
people-size10001+ employees
web-link
https://www.jpmorganchase.com/

H1B Sponsorship

JPMorganChase has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (3471)
2024 (3469)
2023 (3395)
2022 (3594)
2021 (2515)
2020 (2495)

Funding

Current Stage
Public Company
Total Funding
unknown
1998-02-01IPO

Leadership Team

leader-logo
Allison Beer
CEO of Card Services and Connected Commerce
linkedin
leader-logo
Dan Mendelson
CEO, Morgan Health
linkedin

Recent News

Investing.com
JPMorgan appoints Sri Kosaraju as global chair of investment banking
2026-01-08
Crunchbase News
Exclusive: Luxury Presence Raises $22M Series C For AI-Powered Marketing Aimed At Real Estate Agents
2026-01-08
Bizjournals.com Feed (2025-11-12 15:43:17)
JPMorgan Chase taps Tony Wolfe to head commercial banking in D.C. region
2026-01-07
Company data provided by crunchbase