The world of global advisory, audit, and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.
The KPMG Delivery Network (KDN) is a KPMG special purpose member firm, offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability.
Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you'll be a part of the KPMG family, working alongside some of our profession's most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients, and driving positive change in the communities we serve.
You'll be enabling KDN to accelerate new ways of working, using cutting-edge technology and working together with our member firms located in nearly 150 countries, to help us achieve our ambition to be the most trusted and trustworthy professional services firm.
And through your work, you'll build a global network and unlock opportunities that you may not have thought possible, with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.
Our KDN Bulgaria Cloud Services Unit is focused on designing, building, securing, and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.
Your Responsibilities:
- Preparation, scoping, and execution of penetration tests with customers
- Coordination of results and writing of final reports
- Support in the coordination of larger framework contracts
- Web/API: Manual exploitation beyond scanners; SSRF (incl. IMDS), IDOR/BOLA, OAuth/OIDC/JWT issues, deserialization, template injection, GraphQL authZ, file upload/RCE.
- Internal/AD: Kerberoasting & AS-REP roast, constrained/unconstrained delegation, RBCD, ADCS abuses (e.g. ESC1/ESC8), NTLM relay/LLMNR, lateral movement and path analysis.
- Infrastructure & Enterprise Assessments (ISSAF-aligned): Ability to plan and execute structured assessments of enterprise environments using ISSAF, covering network/perimeter testing, segmentation control validation, host/service hardening review (Windows/Linux), identity/directory platforms at a capability level (e.g. AD/Azure AD/LDAP), remote access, wireless posture, and network device configuration review (firewalls/routers/switches).
- Cloud (AWS/Azure): IAM privilege escalation, role assumption via SSRF, misconfig exploitation (S3/Blob policies), Managed Identity abuse, basic Kubernetes/RBAC misconfigs.
- General support with technical cyber security topics
- Support in the further development of the offensive security area (solutions, training, concepts)
What you bring in:
- OSCP, CPTS, or comparable qualification
- Engagement leadership: Proven ability to scope ROE, plan tests, lead execution, ensure QA, and deliver readouts
- Tooling & scripting: Burp Suite Pro; Nmap; Impacket/Responder; BloodHound/SharpHound; CrackMapExec; Kerbrute; Python/PowerShell/Bash for PoCs and one-offs; Git for versioning.
- Reporting & communication: Evidence-driven, reproducible findings with clear business impact and remediation; confident executive & engineering readouts.
- Governance: Strong data handling, logging, and chain-of-custody discipline; operates strictly within ROE and client compliance environments (e.g. ISO 27001, PCI DSS, etc.).
- Fluent English, basic German
What we offer:
- The chance to work in a top talent team
- Attractive remuneration
- Build knowledge in cutting-edge technologies
- Opportunity for continuous training, learning, and certification
- Experience in an international and multicultural organization
- Work on challenging projects with clients in various industries around the globe
- Modern office environment
- Additional health insurance
- Life insurance
- 50 benefits and services to choose from
- Hybrid working policy
Required Experience:
Senior IC