Cyber - KPMG International - Consultant-SAST, DAST

Bangalore, Karnataka, India

KPMG India

Welcome to KPMG International.


Description for Internal Candidates

Roles and Responsibilities: SAST, DAST-Consultant

  • Analyze false positives in Fortify scans to identify potential security risks and vulnerabilities.
  • Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications.
  • Experience in one or more of the following is a plus: mobile application testing, web application pen testing, application architecture and business logic analysis.
  • Work with application security testing tools: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux.
  • Implement advanced cryptographic techniques, authentication, and authorization protocols to secure sensitive data.
  • Establish and maintain Access Control Lists (ACL) to manage and regulate network access.
  • Develop and execute Disaster Recovery (DR) plans to ensure business continuity in case of security incidents.
  • Collaborate effectively with cross-functional teams, including developers, IT operations, and business stakeholders, to integrate security best practices seamlessly into project workflows.
  • Provide mentorship and guidance to junior security staff and foster a culture of proactive security awareness within the organization.
  • One or more major ethical hacking certifications are preferred but not required: GWAPT, CREST, OSWE, OSWA.

Prior Experience:

The candidate must have 4 to 6 years of relevant experience in a similar role, preferably in a professional services organization.

Category: Consulting Jobs

Tags: APIs Burp Suite Checkmarx CREST DAST Ethical hacking Exploit GWAPT Kali Linux OSWE OWASP Pentesting SAST Veracode Vulnerabilities

Region: Asia/Pacific
Country: India
