Specialist, Security Tester

KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we do not anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative, team-driven culture. At KPMG, our people are our number one priority. With a wealth of learning and career development opportunities, a world-class training facility and leading market tools, we make sure our people continue to grow both professionally and personally. If you're looking for a firm with a strong team connection where you can be your whole self, have an impact, advance your skills, deepen your experiences, and have the flexibility and access to constantly find new areas of inspiration and expand your capabilities, then consider a career in Advisory.KPMG is currently seeking a Specialist, Security Tester to join our Advisory Services practice.Responsibilities:Perform automated application / network penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applicationsExecute dynamic application security tests on web applications and static application security tests on source code, including identifying false positives and reprioritizing findings severityConduct vulnerability analysis against internal and external networks leveraging automation techniques and solutionsElevate to executing independently in either the application or network domain within one year of serviceAct with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environmentQualifications:Minimum one year of recent experience performing application and/or network penetration tests using tools such as AppScan, NetsSparker, Acunetix, BurpSuite, OWASP ZAP, Tenable Nessus, Qualys, Kali Linux, Metasploit, or equivalent; minimum one year of recent experience working with technical and non-technical audiences in reporting results and leading remediation conversationsBachelor's degree from an accredited college or university is requiredExperience in one or more of the following a plus: mobile application testing, manual code analysis, and/or static analysis using Veracode, Fortify, SonarQube, Checkmarx, Contrast or equivalentExperience in one of the following a plus: Python, JavaScript, PHP, C/C++, SQL, and moreOne or more ethical hacking certifications preferred (for example: CEH, GWAPT, GPEN, OSCP, OSWA)Ability to travel as necessaryApplicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)KPMG LLP and its affiliates and subsidiaries (

Created: 2025-12-22