Senior Penetration Tester - Remote

KPMG


Job Description
**Business Title:** Senior Penetration Tester - Remote**Requisition Number:** 85573 - 21**Function:** Business Support Services**Area of Interest:****State:** FL**City:** Fort Lauderdale**Description:**Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.KPMG is currently seeking a Senior Penetration Tester to join our Digital Nexus technology organization. This is a remote work opportunity.Responsibilities:+ Perform Vulnerability assessment of Web applications, APIs, mobile application, Desktop, and Citrix hosted applications in SDLC and agile fashions based on different security frameworks such as OWASP and CWE; Perform triaging of scan results, and support findings with proof of concepts+ Report and explain security gaps to different stakeholders leveraging great communication abilities; Perform risk assessment of the reported security gaps, providing reasonable explanation of severity of the issues+ Leverage SAST tools results in DAST process to uncover underlying issues+ Aid in uncovering underlying trends and issues in the software development process+ Assist responding to world-wide vulnerability disclosure+ Initiate and lead security project across the firm; Search and stay up to date with the latest vulnerabilities, threat and techniques; ability to write automation tools in Python or any other scripting language if neededQualifications:+ Minimum five years of hands-on experience with solid understanding of OWASP top 10 and CWE; Solid understanding of IT risk concepts; Experience with performing code review, as well as with mobile application testing is a bonus+ Bachelor's degree from an accredited college/university or equivalent work experience+ In-depth knowledge of any proxying tools such as Paros, Burp and ZAP+ Knowledge in GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Certified Ethical Hacker (CEH), OSCP and OCWE+ Familiar with network security controls such Web Application Firewall (WAF), evasion techniques and Metasploit framework+ Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authorityKPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link (https://assets.kpmg.com/content/dam/kpmg/us/pdf/2018/09/eeo.pdf) contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.At KPMG any employee, partner or contractor must be fully vaccinated or have a reasonable accommodation for COVID-19 in order to go to any KPMG office, or to work on or in association with a federal contract (unless prohibited by applicable law).**GL:** 4**GF:** 15310
Industry