Senior Application Security Specialist
KPMG - Charlotte, NC
Job Description
The KPMG Advisory practice is leading the charge in transformation, offering outstanding opportunities for individuals to enhance their careers and expertise with KPMG. We are committed to personal and professional growth, fostering a collaborative environment where our professionals can adapt and thrive. At KPMG, our people are our top priority. With abundant learning and development opportunities, a state-of-the-art training facility, and access to cutting-edge market tools, we empower our team to grow both in their careers and personally. If you seek a workplace with strong team connections where you can be your authentic self, make an impact, develop your skills, and explore new areas of interest, look no further than KPMG Advisory.

KPMG is currently seeking an experienced Senior Application Security Specialist to join our Managed Services practice.

Responsibilities:
- Conduct manual penetration testing against APIs (REST/SOAP), web applications, mobile applications, and thick client applications.
- Perform objective-based penetration testing engagements.
- Execute threat modeling, assess application business logic, and review application architecture.
- Showcase application testing expertise through real-time demonstrations to both internal and external audiences.
- Work independently on penetration testing engagements with minimal oversight.
- Uphold integrity and professionalism to maintain a respectful work environment.

Qualifications:
- A minimum of three years of recent experience in application penetration testing of APIs, web applications, or mobile applications.
- Bachelor's degree from an accredited institution or equivalent industry experience.
- Exceptional communication skills to convey findings to technical and non-technical audiences and guide remediation discussions.
- Experience with Burp Suite Pro, as well as other application testing tools such as Netsparker and Checkmarx.
- One or more major ethical hacking certifications are preferred, such as GIAC Web Application Penetration Tester (GWAPT), CREST, Offensive Security Web Expert (OSWE), or Offensive Security Web Assessor (OSWA).
- Willingness to travel as needed.
- Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future.

KPMG offers a comprehensive benefits package, including various medical and dental plans, vision coverage, disability and life insurance, and a 401(k) plan. Eligible employees receive personal time off based on service and standard work hours, with company-observed holidays, including two breaks each year where PTO is not required. For further details on our benefits, please refer to our KPMG US Careers site.

KPMG is an equal opportunity employer, adhering to all federal, state, and local laws regarding recruitment and hiring. All qualified applicants are considered without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, or protected veteran status. KPMG recruits on a rolling basis, and candidates are encouraged to apply promptly for roles that match their qualifications.

Los Angeles County applicants: Material job duties are listed above. Criminal history may negatively impact some job duties and responsibilities, including adherence to company policies and the ability to work safely and respectfully with others. Pursuant to the California Fair Chance Act and related ordinances, we will consider qualified applicants with arrest and conviction records.
Created: 2026-03-06