About the role
Overview
At KPMG, you’ll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.
Are you a talented individual with a proven track record on executing project deliverables.
This is a key role within the Cyber Defense Team at KPMG, where the candidate will serve as a subject matter expert primarily in web application security, and also perform infrastructure vulnerability assessment and penetration testing, red/purple team assessment and social engineering exercises. The selected candidate will work on client projects to understand requirements, conduct manual and automated penetration tests, draft reports and provide detailed walkthroughs of the reports to relevant client stakeholders.
What you will do
-
Perform manual and automated application security assessments on web applications, mobile applications and network infrastructure using industry standards. This includes controlled exploitation of identified vulnerabilities, simulating real-world attacks through manual penetration testing.
-
Define and execute test cases to identify and exploit vulnerabilities and weaknesses.
-
Analyze the impact and severity of exploits, determining the associated risks and potential consequences.
-
Document findings and provide pragmatic recommendations. Clearly and effectively communicate the findings to client stakeholders.
-
Stay updated with the latest security vulnerabilities, techniques, and industry best practices.
What you bring to the role
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Minimum of 1 year of experience in application security testing.
- Knowledge of performing infrastructure vulnerability assessment and penetration testing, red team assessment and social engineering.
- Expertise in security testing frameworks, including:
- Open Web Application Security Project (OWASP)
- Open-Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)
- Programming knowledge (python, java)
- Relevant certifications, such as:
- Offensive Security Certified Professional (OSCP)
- Burp Suite Certified Practitioner (BSCP)
- HTB Certified Penetration Testing Specialist (HTB CPTS)
About KPMG
KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We have 273,000 outstanding professionals working together to deliver value in 143 countries and territories. With a worldwide presence, KPMG continues to build on our successes thanks to clear vision, defined values and, above all, our people.
Our industry focus helps KPMG firms’ professionals develop a rich understanding of clients' businesses and the insight, skills and resources required to address industry-specific issues and opportunities.
The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.
About the role
Overview
At KPMG, you’ll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.
Are you a talented individual with a proven track record on executing project deliverables.
This is a key role within the Cyber Defense Team at KPMG, where the candidate will serve as a subject matter expert primarily in web application security, and also perform infrastructure vulnerability assessment and penetration testing, red/purple team assessment and social engineering exercises. The selected candidate will work on client projects to understand requirements, conduct manual and automated penetration tests, draft reports and provide detailed walkthroughs of the reports to relevant client stakeholders.
What you will do
-
Perform manual and automated application security assessments on web applications, mobile applications and network infrastructure using industry standards. This includes controlled exploitation of identified vulnerabilities, simulating real-world attacks through manual penetration testing.
-
Define and execute test cases to identify and exploit vulnerabilities and weaknesses.
-
Analyze the impact and severity of exploits, determining the associated risks and potential consequences.
-
Document findings and provide pragmatic recommendations. Clearly and effectively communicate the findings to client stakeholders.
-
Stay updated with the latest security vulnerabilities, techniques, and industry best practices.
What you bring to the role
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Minimum of 1 year of experience in application security testing.
- Knowledge of performing infrastructure vulnerability assessment and penetration testing, red team assessment and social engineering.
- Expertise in security testing frameworks, including:
- Open Web Application Security Project (OWASP)
- Open-Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)
- Programming knowledge (python, java)
- Relevant certifications, such as:
- Offensive Security Certified Professional (OSCP)
- Burp Suite Certified Practitioner (BSCP)
- HTB Certified Penetration Testing Specialist (HTB CPTS)
About KPMG
KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We have 273,000 outstanding professionals working together to deliver value in 143 countries and territories. With a worldwide presence, KPMG continues to build on our successes thanks to clear vision, defined values and, above all, our people.
Our industry focus helps KPMG firms’ professionals develop a rich understanding of clients' businesses and the insight, skills and resources required to address industry-specific issues and opportunities.
The independent member firms of the KPMG network are affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.