What are the responsibilities and job description for the Penetration Tester - SCA (contract) position at KPMG US?
KPMG Assignment Select is geared toward independent professionals interested in temporary or project-based work. Our team is comprised of highly trained third-party professional individuals who are in the right place, at the right time, with the right skillset.
KPMG is working through its partnership with MBO Partners and is currently seeking a remote contractor in the United States.
Penetration Testers - SCA
Remote
Responsibilities
KPMG and MBO Partners are equal opportunity employers/contractors. All qualified applicants are considered without regard to race, color, creed, religion, age, sex/gender, national origin, ancestry, citizenship status, marital status, sexual orientation, gender identity or expression, disability, physical or mental handicap unrelated to ability, pregnancy, veteran status, unfavorable discharge from military service, genetic information, or other legally protected status.
Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pay Rate Range
Min Pay Rate Max Pay Rate Currency Unit 75 85 USD hourly
KPMG is working through its partnership with MBO Partners and is currently seeking a remote contractor in the United States.
Penetration Testers - SCA
Remote
Responsibilities
- Conduct manual application penetration testing against APIs (REST/SOAP), web applications, mobile applications, and thick client applications.
- Perform objective-based, abstract penetration testing engagements independently with minimal oversight and guidance.
- Conduct threat modeling, evaluate application business logic, and perform detailed application architecture reviews.
- Demonstrate application testing experience live via demos to both internal and external audiences.
- Perform manual security code reviews for common programming languages (Java, .NET).
- Conduct automated testing of running applications and static code (SAST, DAST).
- Identify and exploit vulnerabilities in web applications, internal applications, APIs, internal and external networks, and mobile applications through manual penetration testing.
- Use formal programming experience in Java/C# (minimum 6 months) to understand and test applications effectively.
- Develop new testing methods to identify vulnerabilities and potential entry points for attackers to exploit applications, networks, and systems.
- Act with integrity, professionalism, and personal responsibility to uphold the firm’s respectful and courteous work environment.
- 3-5 years of hands-on experience in application penetration testing.
- Proven experience in performing manual security code reviews using common programming languages (Java, .NET).
- Proficiency in conducting automated testing (SAST, DAST) and manual application penetration tests on various systems, including web applications, APIs, and mobile applications.
- Formal programming experience in Java or C# for at least 6 months.
- Ability to create new testing methods to identify vulnerabilities and attackers' entry points.
- One or more major ethical hacking certifications (not required but preferred), such as GWAPT, OSWE, or OSWA.
- Demonstrated ability to conduct complex and abstract penetration testing engagements.
- Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)
KPMG and MBO Partners are equal opportunity employers/contractors. All qualified applicants are considered without regard to race, color, creed, religion, age, sex/gender, national origin, ancestry, citizenship status, marital status, sexual orientation, gender identity or expression, disability, physical or mental handicap unrelated to ability, pregnancy, veteran status, unfavorable discharge from military service, genetic information, or other legally protected status.
Los Angeles County applicants: Material job duties for this position are listed above. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, and safeguard business operations and company reputation. Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pay Rate Range
Min Pay Rate Max Pay Rate Currency Unit 75 85 USD hourly
Lead Penetration Tester
Lensa -
Charlotte, NC
Lead Penetration Tester
Honeywell -
Charlotte, NC
Sr. Web Application Penetration Tester
The Hartford -
Charlotte, NC
