Senior Consultant - Offensive Cybersecurity team

KPMG

$90K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, Information Security, or related field.
  • Minimum 1 year of experience in application security testing.
  • Knowledge of infrastructure vulnerability assessments and penetration testing.
  • Familiarity with security testing frameworks such as OWASP, OSSTMM, and PTES.
  • Programming skills in Python and Java.
  • Relevant certifications like OSCP, BSCP, or HTB CPTS.

Responsibilities

  • Perform manual and automated application security assessments on web and mobile applications.
  • Define and execute test cases to identify and exploit vulnerabilities.
  • Analyze the impact and severity of identified exploits.
  • Document findings and make actionable recommendations to client stakeholders.
  • Stay current on emerging security vulnerabilities and industry best practices.

Benefits

  • Inclusive and barrier-free workplace culture.
  • Commitment to personal and professional development.
  • Support for accommodations during the recruitment process.
  • AI-enhanced recruitment experience while preserving human judgment.
  • Diverse and collaborative team environment.
Full Job Description
Overview

Are you a talented individual with a proven track record on executing project deliverables.

This is a key role within the Cyber Defense - Offensive Security Team at KPMG, where the candidate will serve as a subject matter expert primarily in web application security, and also perform infrastructure vulnerability assessment and penetration testing, red/purple team assessment and social engineering exercises. The selected candidate will work on client projects to understand requirements, conduct manual and automated penetration tests, draft reports and provide detailed walkthroughs of the reports to relevant client stakeholders.

What you will do

  • Perform manual and automated application security assessments on web applications, mobile applications and network infrastructure using industry standards. This includes controlled exploitation of identified vulnerabilities, simulating real-world attacks through manual penetration testing.
  • Define and execute test cases to identify and exploit vulnerabilities and weaknesses.
  • Analyze the impact and severity of exploits, determining the associated risks and potential consequences.
  • Document findings and provide pragmatic recommendations. Clearly and effectively communicate the findings to client stakeholders.
  • Stay updated with the latest security vulnerabilities, techniques, and industry best practices.

What you bring to the role

  • Bachelor's or relevant degree in Computer Science, Information Security, or a related field.
  • Minimum of 1 year of experience in application security testing.
  • Knowledge of performing infrastructure vulnerability assessment and penetration testing, red team assessment and social engineering.
  • Expertise in security testing frameworks, including:
    • Open Web Application Security Project (OWASP)
    • Open-Source Security Testing Methodology Manual (OSSTMM)
    • Penetration Testing Execution Standard (PTES)
  • Programming knowledge (python, java)
  • Relevant certifications, such as:
    • Offensive Security Certified Professional (OSCP)
    • Burp Suite Certified Practitioner (BSCP)
    • HTB Certified Penetration Testing Specialist (HTB CPTS)

Preferred Qualifications
  • Excellent communication skills to present findings and recommendations to technical and non-technical stakeholders.
  • Ability to work independently and collaboratively in a fast-paced, client-facing environment.
  • Experience in consulting or professional services, particularly in offensive security.

We prioritize candidates that demonstrate a strong passion for cybersecurity and have hands-on experience showcasing their skills in a local lab environment, such as through capture-the-flag (CTF) competitions, personal lab projects, or open-source contributions.

While being primarily francophone, the selected candidate must demonstrate excellent communication and presentation skills in English, with the ability to present complex strategic topics to a diverse range of stakeholders located in English-speaking regions of Canada, such as Ontario.

Similar Jobs

More Jobs at KPMG

More Information Technology Jobs

Find similar Senior Consultant - Offensive Cybersecurity team jobs: