Specialist, Security Tester

KPMG is a leading advisory firm that offers excellent opportunities for career advancement and expertise development. They are seeking a Specialist, Security Tester to perform automated application and network penetration tests, identify vulnerabilities, and contribute to a collaborative team environment.

Responsibilities

• Perform automated application / network penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
• Execute dynamic application security tests on web applications and static application security tests on source code, including identifying false positives and reprioritizing findings severity
• Conduct vulnerability analysis against internal and external networks leveraging automation techniques and solutions
• Elevate to executing independently in either the application or network domain within one year of service
• Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment

Skills

• Minimum one year of recent experience performing application and/or network penetration tests using tools such as AppScan, NetsSparker, Acunetix, BurpSuite, OWASP ZAP, Tenable Nessus, Qualys, Kali Linux, Metasploit, or equivalent
• Minimum one year of recent experience working with technical and non-technical audiences in reporting results and leading remediation conversations
• Bachelor's degree from an accredited college or university is required
• Ability to travel as necessary
• Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future
• Experience in one or more of the following a plus: mobile application testing, manual code analysis, and/or static analysis using Veracode, Fortify, SonarQube, Checkmarx, Contrast or equivalent
• Experience in one of the following a plus: Python, JavaScript, PHP, C/C++, SQL, and more
• One or more ethical hacking certifications preferred (for example: CEH, GWAPT, GPEN, OSCP, OSWA)

Benefits

• Medical and dental plans
• Vision coverage
• Disability and life insurance
• 401(k) plans
• A robust suite of personal well-being benefits to support your mental health
• Personal Time Off per fiscal year
• Calendar of holidays to be observed during the year
• Two breaks each year where employees will not be required to use Personal Time Off

Company Overview