Specialist, Security Tester

KPMG is a leading advisory firm that is currently seeking a Specialist, Security Tester to join their Advisory Services practice. The role involves performing automated application and network penetration tests to identify and exploit vulnerabilities, as well as conducting dynamic and static application security tests.

Responsibilities

• Perform automated application / network penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
• Execute dynamic application security tests on web applications and static application security tests on source code, including identifying false positives and reprioritizing findings severity
• Conduct vulnerability analysis against internal and external networks leveraging automation techniques and solutions
• Elevate to executing independently in either the application or network domain within one year of service
• Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment

Skills

• Minimum one year of recent experience performing application and/or network penetration tests using tools such as AppScan, NetsSparker, Acunetix, BurpSuite, OWASP ZAP, Tenable Nessus, Qualys, Kali Linux, Metasploit, or equivalent; minimum one year of recent experience working with technical and non-technical audiences in reporting results and leading remediation conversations
• Bachelor's degree from an accredited college or university is required
• Ability to travel as necessary
• Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)
• Experience in one or more of the following a plus: mobile application testing, manual code analysis, and/or static analysis using Veracode, Fortify, SonarQube, Checkmarx, Contrast or equivalent
• Experience in one of the following a plus: Python, JavaScript, PHP, C/C++, SQL, and more
• One or more ethical hacking certifications preferred (for example: CEH, GWAPT, GPEN, OSCP, OSWA)

Benefits

• Comprehensive, competitive benefits package
• Medical and dental plans
• Vision coverage
• Disability and life insurance
• 401(k) plans
• Robust suite of personal well-being benefits to support your mental health
• Personal Time Off per fiscal year
• Calendar of holidays to be observed during the year
• Two breaks each year where employees will not be required to use Personal Time Off

Company Overview