Apply Now    

Red Team Operator / Penetration Tester

Req #: 170115169
Location: London, ENG, UK
Job Category: Technology
Job Description:
Red Team Operator / Penetration Tester (UK)
JPMC Cybersecurity's purpose is to ensure the security and resiliency of the Firm's computing environment, protect customer and employee confidential information, and comply with regulatory requirements globally. We accomplish this through strong information security leadership and active collaboration with line of business information risk managers to provide high quality security solutions and services that are focused on improving the Firm's risk posture.
The Cyber Assessments team supports Cybersecurity’s vision and mission by conducting a variety of security assessments, including infrastructure and application penetration tests, social engineering tests and threat intelligence-led adversary simulations of various sophistication levels.  
JPMC Cyber Assessments are looking to expand its Red Team with an experienced Red Team Operator / Penetration Tester in London, UK. Primary focus of this role will be to perform hands on offensive activities as part of red team engagements against critical JPMC assets. The successful candidate will have a proven track record in conducting network exploitation operations and application penetration tests. Additionally, the candidate will be able to demonstrate in-depth knowledge and experience around computer networking fundamentals, modern threats and vulnerabilities, attack methodologies and penetration testing tools.
To be successful in this role, the candidate should have expertise and strong experience in at least two of the following areas:
  • Network penetration testing
  • Application (web, mobile, etc.) penetration testing
  • Social engineering (e-mail phishing, phone, physical, etc.)
  • Red Team operations
Required qualifications:
  • Strong understanding of networking fundamentals (all OSI layers, protocols, etc.)
  • Strong understanding of Windows/Linux/Unix operating systems
  • Strong understanding of operating system and software vulnerabilities and exploitation techniques
  • Strong understanding of web application vulnerabilities and exploitation techniques, covering the OWASP Top 10 as a minimum
  • Strong knowledge of and experience with commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.)
  • Ability to deliver high quality reporting on technical issues identified and providing remediation guidelines
  • Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
Preferred qualifications:
  • Bachelor's Degree in Engineering or Technology related fields a major plus
  • SANS (GPEN, GXPN, GWAPT), Offensive Security (OSCP, OSCE), CREST/Tiger Scheme Certified Tester certifications strongly desired.
  • Knowledge of malware packing, obfuscation, persistence, exfiltration techniques
  • Knowledge and experience in using interpreted languages (Ruby, Python, Perl, etc.) and/or compiled languages (C, C++, C#, Java, etc.)
  • Experience in developing in house tools / scripts to improve delivery and facilitate testing operations
  • Ability to perform targeted, covert  penetration tests with vulnerability identification, exploitation and post-exploitation activities with no or minimal use of automated tools
  • Well versed in security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP amongst others
  • Knowledge of application reverse engineering techniques and procedures
  • Understanding of financial sector, or other large organization, security and IT infrastructures
Other skills:
  • Excellent written and verbal communication skills
  • Ability to articulate and visually present complex penetration testing and red team results
  • Ability to work effectively independently and in a team
  • Ability to coordinate, work with and gain the trust of business stakeholders to achieve a desired objective
  • Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.
Apply Now    

Join our Talent Community

Not ready to apply? Leave your information with us and we will keep you up to date with new career opportunities.

Other Information

Apply Using LinkedIn

You can also apply using your LinkedIn® profile. It may save you some time because your information will be automatically transferred into our system. Just click on the LinkedIn logo when you get to the application screen and follow the directions.

Submit an Updated Résumé

During the application process, be sure you have an up-to-date copy of your Résumé, your cover letter and any other documentation you would like to submit.