Specialist, Security Tester

KPMG is a leading advisory firm that is currently seeking a Specialist, Security Tester to join their Advisory Services practice. The role involves performing automated application and network penetration tests to identify and exploit vulnerabilities, as well as conducting dynamic and static application security tests. Responsibilities Perform automated application / network penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications Execute dynamic application security tests on web applications and static application security tests on source code, including identifying false positives and reprioritizing findings severity Conduct vulnerability analysis against internal and external networks leveraging automation techniques and solutions Elevate to executing independently in either the application or network domain within one year of service Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment Skills Minimum one year of recent experience performing application and/or network penetration tests using tools such as AppScan, NetsSparker, Acunetix, BurpSuite, OWASP ZAP, Tenable Nessus, Qualys, Kali Linux, Metasploit, or equivalent; minimum one year of recent experience working with technical and non-technical audiences in reporting results and leading remediation conversations Bachelor's degree from an accredited college or university is required Ability to travel as necessary Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future; KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa) Experience in one or more of the following a plus: mobile application testing, manual code analysis, and/or static analysis using Veracode, Fortify, SonarQube, Checkmarx, Contrast or equivalent Experience in one of the following a plus: Python, JavaScript, PHP, C/C++, SQL, and more One or more ethical hacking certifications preferred (for example: CEH, GWAPT, GPEN, OSCP, OSWA) Benefits Medical and dental plans Vision coverage Disability and life insurance 401(k) plans Robust suite of personal well-being benefits to support your mental health Personal Time Off per fiscal year Calendar of holidays to be observed during the year Two breaks each year where employees will not be required to use Personal Time Off Company Overview KPMG is one of the world’s leading professional services firms and the fastest growing Big Four accounting firm in the United States. It was founded in 1987, and is headquartered in New York, NY, US, with a workforce of 10001+ employees. Its website is