Apply on Employer Site

KPMG US · 2 hours ago

Senior Specialist, MAST Application Penetration Tester

Greenville, SC

Full-time

Hybrid

Mid, Senior Level

$84K/yr - $179K/yr

3+ years exp

KPMG is a leading advisory firm currently seeking a Senior Specialist, MAST Application Penetration Tester to join their Managed Services practice. This role involves conducting manual application penetration testing across various platforms, executing threat modeling, and demonstrating application testing expertise to both internal and external audiences.

Financial Services

No H1B

Responsibilities

Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications

Perform objective based on abstract penetration testing engagements

Execute threat modeling, evaluate application business logic, and perform application architecture reviews

Demonstrate application testing experience in real time via demos to both internal and external audiences

Function independently in penetration testing engagements, with minimal oversight and guidance

Act with integrity, professionalism, and personal responsibility to uphold KPMG's respectful and courteous work environment

Qualification

Application penetration testingAPI testingBurp Suite ProEthical hacking certificationCommunication skills

Required

Minimum three years of recent experience in application penetration testing of Application Programming Interface (API's), web applications, or mobile applications

Bachelor's degree from an accredited college/university or equivalent industry experience

Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations

Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx

Ability to travel as required

Must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future. KPMG LLP will not sponsor applicants for U.S. work visa status for this opportunity (no sponsorship is available for H-1B, L-1, TN, O-1, E-3, H-1B1, F-1, J-1, OPT, CPT or any other employment-based visa)

Preferred

One or more major ethical hacking certifications not required but preferred; GIAC Web Application Penetration Tester (GWAPT), Council for Registered Ethical Security Testers (CREST), Offensive Security Web Expert (OSWE), Offensive Security Web Assessor (OSWA)

Benefits

A comprehensive, competitive benefits package, with options designed to help you make the best decisions for yourself, your family, and your lifestyle

Medical and dental plans

Vision coverage

Disability and life insurance

401(k) plans

A robust suite of personal well-being benefits to support your mental health

Personal Time Off per fiscal year

Two firmwide breaks each year where employees will not be required to use Personal Time Off