Senior Penetration Tester

Job Location

Sofia - Bulgaria

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

The world of global advisory, audit, and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.

The KPMG Delivery Network (KDN) is a KPMG special purpose member firm offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability.

Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you'll be a part of the KPMG family, working alongside some of our profession's most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients, and driving positive change in the communities we serve.

You'll be enabling KDN to accelerate new ways of working using cutting-edge technology and working together with our member firms located in nearly 150 countries to help us achieve our ambition to be the most trusted and trustworthy professional services firm.

And through your work, you'll build a global network and unlock opportunities that you may not have thought possible, with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.

Our KDN Bulgaria Cloud Services Unit is focused on designing, building, securing, and managing cloud-native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.

Your Responsibilities:

  • Web/API: SSRF, IDOR/BOLA, authN/authZ flaws (including OAuth/OIDC), deserialization, XXE, command/template injection, GraphQL testing; comfort with Burp Pro extensions and custom payloads.
  • Infrastructure & Enterprise Assessments (ISSAF-aligned): Hands-on delivery of ISSAF (or equivalent)-guided assessments across enterprise networks: disciplined recon/enumeration, service/host security baseline checks, validation (not just scanner output) of exploitable misconfigs, pragmatic segmentation testing, light identity/directory assessment (AD/Azure AD/LDAP) as part of end-to-end paths, remote access & wireless checks, and firewall/router/switch configuration review; producing reproducible notes and actionable fixes.
  • Internal/AD: Kerberoasting/AS-REP roast, delegation/RBCD, ADCS misconfig pathways, NTLM relay/LLMNR, BloodHound-driven pathing, basic detection-safe tradecraft within scope.
  • Cloud (AWS/Azure): IAM enumeration and privesc, metadata/IMDS misuse, storage/network misconfigs; basic container/K8s attack surface familiarity.

What you bring in:

  • Certifications: OSCP strongly preferred (or equivalent demonstrable skill via portfolio/bug bounty/CTF writeups); OSWE a plus for web-heavy projects.
  • Tooling & scripting: Daily driver experience with Burp Pro, Nmap, Impacket, BloodHound; practical Python/PowerShell/Bash for PoCs; comfort on Linux; Git-based workflow.
  • Method & quality: Follows PTES/OWASP WSTG; keeps detailed, reproducible notes; passes internal peer review/QA; supports remediation retests.
  • Reporting: Clear, prioritized writeups (evidence -> impact -> actionable fix) suitable for engineers; contributes to shared runbooks and templates.
  • Nice to have: Exposure to mobile or thick-client testing, API fuzzing, code-assisted review, CI/CD-adjacent testing, or light automation contributions.
  • Fluent English language skills are a must

What we offer:

  • The chance to work in a top talent team
  • Attractive remuneration
  • Build knowledge in cutting-edge technologies
  • Opportunity for continuous training, learning, and certification
  • Experience in an international and multicultural organization
  • Work on challenging projects with clients in various industries around the globe
  • Modern office environment
  • Additional health insurance
  • Life insurance
  • 50 benefits and services to choose from
  • Hybrid working policy

Required Experience:

Senior IC

Employment Type

Full-Time

Company Industry
