Penetration Tester - Mobile Applications Security
JPMorgan Chase & Co (NYSE: JPM) is a leading global financial services firm with assets of $2 trillion and operations in more than 60 countries. The firm is a leader in investment banking, financial services for consumers, small business and commercial banking, financial transaction processing, asset management, and private equity.
IT Risk & Security Management's (ITRSM) purpose is to ensure the security and resiliency of the Firm’s computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
The Mobile Applications Penetration Tester will be part of the JPMorgan Chase Application Security Group, which is responsible for global application security across all lines of business. We are creating an ongoing lifecycle process to continually recognize new threats as well as existing ones, and to continually adapt, in near-real-time, as the threat landscape changes. We perform threat intelligence, write policy, assist the lines of business to implement their security strategies, and perform penetration testing on new and existing applications.
Responsibilities include, but are not limited to the following:
- Use your significant "ethical hacking" skills to identify security vulnerabilities in JPMG Mobile Native and Web Applications
- Perform web application dynamic scans and pen tests
- Research and develop mobile testing tools for use by internal ethical hacking team
- Develop mobile security threat models
- Work with application developers to validate, assess, understand root cause and mitigate vulnerabilities
- Configuration and operation of scanning and testing tools and environment
- Documentation of test results
- Recommendation of counter-measures and remediation techniques
- Analyze software security threats and plan tests
- Correlate pen-test findings to any existing threat models and/or to static and/or dynamic scan results to identify "misses" and recommend improvements to those other processes
- 5+ years of overall technology experience
- Strong knowledge and understanding of mobile security landscape
- Hands-on experience with ethical hacking and penetration testing of mobile and web applications (iOS, Android, RIM)
- Demonstrated ability to plan, develop, and execute security tests
- Strong reporting and technical writing skills
- Ability to communicate and explain suggested remediation steps to developers
- Demonstrated experience with industry-standard security testing tools such as AppScan, Web Inspect, Burp Suite, Nessus, Nmap, Metasploit, viaLab and CANVAS
- Required experience with one or more of the following mobile security testing tools: Agnito, CLang, Charles Proxy, oTool, iPhoneDbg, iPhone-dataprotection, Keychain_Dumper, iAuditor, PList Editor, trustme, Theos
- Technical experience in network security products, cryptographic suites, firewalls, Web Application Firewalls/Application Security Gateways, application servers, routers, IDS systems
- Thorough knowledge of TCP/IP ports and protocols
- Demonstrated experience in shell scripting
- Demonstrated experience in application level attacks including Web 2.0 technologies
- Clear understanding of how the software development lifecycle works in a large enterprise
- Computer Science or related technical degree from an accredited institution, or equivalent work experience and practical knowledge
- Minimum of one professional certification (CISSP, CISM, MCSD, GIAC, or CEH preferred)
- Excellent presentation and communication skills
- Mobile security assessment experience
- Programming ability or development experience in at least one of the following languages: .NET (ASP.NET), Java, Perl, Python, Ruby, C/C++/ObjectiveC
- Experience using XCode or Eclipse for mobile testing
JPMorgan Chase is an Equal Opportunity and Affirmative Action Employer, M/F/D/V.
Information Risk Management
US-NJ-Jersey City-NOC 5 - 575 Washington / 02969
US-NY-Syracuse-Syracuse Univ - Lyman Hall / 50432, US-OH-Columbus-1000 Polaris / 58421
Strategy & Development
Yes, 25 % of the Time