Specialist, Penetration Tester

We are seeking a dedicated professional to join our Managed Services practice as a Specialist, Penetration Tester. KPMG's Advisory practice is our fastest-growing sector, driven by tremendous client demand. We value adaptability, collaboration, and continuous growth, offering extensive learning opportunities, a world-class training facility, and leading market tools.

1. Perform automated application and network penetration tests to identify vulnerabilities in web applications, internal applications, APIs, networks, and mobile applications.
2. Conduct dynamic security tests on web applications and static analysis on source code, managing false positives and severity levels.
3. Execute vulnerability analyses on internal and external networks using automation tools.
4. Develop independence in executing penetration tests within the application or network domain within one year.
5. Uphold integrity, professionalism, and personal responsibility to maintain a respectful work environment.

• At least one year of recent experience with application and/or network penetration tools (e.g., BurpSuite, OWASP ZAP, Nessus, Kali Linux, Metasploit) and experience communicating results to technical and non-technical audiences.
• Bachelor's degree or equivalent industry experience.
• Background in mobile testing, manual or static code analysis using tools like Veracode or Fortify.
• Proficiency in programming languages such as Python, JavaScript, PHP, C/C++, SQL.
• Optional certifications like CEH, GWAPT, GPEN, OSCP, OSWA are a plus.
• Ability to travel as needed and authorized to work in the U.S. without sponsorship.

KPMG offers a comprehensive benefits package, competitive salary ranges based on location, and a commitment to diversity and inclusion. For salary details outside California, please visit this link. We encourage qualified candidates to apply promptly as recruitment is ongoing.