KPMG US

Senior Specialist, SCA Penetration Tester

KPMG US, San Diego, California, United States, 92189


Senior Specialist, SCA Penetration Tester – KPMG US

KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and we do not anticipate that slowing down. In this environment, our professionals thrive in a collaborative, team-driven culture. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility to find new areas of inspiration, consider a career in Advisory.

Responsibilities

Conduct in-depth source code analysis and manual penetration testing of web applications to identify vulnerabilities and security flaws
Collaborate with development and engineering teams to remediate findings and provide secure coding guidance
Utilize industry-standard tools (for example: Burp Suite, OWASP ZAP, Fortify, Checkmarx) to perform dynamic and static application security testing
Document and communicate findings in detailed reports, including risk ratings, remediation recommendations, and technical evidence
Stay current with emerging threats, attack vectors, and security trends relevant to web applications and source code vulnerabilities
Support internal security initiatives and contribute to the development of secure coding standards and best practices
Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment

Qualifications

Minimum three years of recent experience in web application penetration testing and source code analysis
Bachelor's degree from an accredited college or university in computer science, cybersecurity, or a related field
Familiarity with secure coding practices and common vulnerabilities (for example: OWASP Top 10)
Hands-on experience with SAST and DAST tools, and scripting languages such as Python, JavaScript, or Java
Strong analytical, problem-solving, and communication skills
Relevant certifications (for example: OSCP, GWAPT, CEH, CSSLP) are a plus but not required
Ability to travel as required
Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity

KPMG LLP and its affiliates comply with local/state regulations regarding displaying salary ranges. If required, ranges are for locations listed. KPMG offers a comprehensive benefits package and a Total Rewards program, including medical and dental plans, vision coverage, disability and life insurance, 401(k), and well-being benefits. Details about benefits are available on the KPMG US Careers site.

KPMG is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship status, disability, or any other protected status as required by law. No phone calls or agencies please. We recruit on a rolling basis; candidates are encouraged to apply promptly for roles of interest.
