At KPMG, you’ll join a team of diverse and dedicated problem solvers, connected by a common cause: turning insight into opportunity for clients and communities around the world.

Are you a talented individual with a proven track record on executing project deliverables.

This is a key role within the Cyber Defense – Offensive Security Team at KPMG, where the candidate will serve as a subject matter expert primarily in web application security, and also perform infrastructure vulnerability assessment and penetration testing, red/purple team assessment and social engineering exercises. The selected candidate will work on client projects to understand requirements, conduct manual and automated penetration tests, draft reports and provide detailed walkthroughs of the reports to relevant client stakeholders.

• Perform manual and automated application security assessments on web applications, mobile applications and network infrastructure using industry standards. This includes controlled exploitation of identified vulnerabilities, simulating real-world attacks through manual penetration testing.
• Define and execute test cases to identify and exploit vulnerabilities and weaknesses.
• Analyze the impact and severity of exploits, determining the associated risks and potential consequences.
• Document findings and provide pragmatic recommendations. Clearly and effectively communicate the findings to client stakeholders.
• Stay updated with the latest security vulnerabilities, techniques, and industry best practices.

• Bachelor’s or relevant degree in Computer Science, Information Security, or a related field.
• Minimum of 1 year of experience in application security testing.
• Knowledge of performing infrastructure vulnerability assessment and penetration testing, red team assessment and social engineering.
• Expertise in security testing frameworks, including:
• Open Web Application Security Project (OWASP)
• Open-Source Security Testing Methodology Manual (OSSTMM)
• Penetration Testing Execution Standard (PTES)
• Programming knowledge (python, java)
• Relevant certifications, such as:
• Offensive Security Certified Professional (OSCP)
• Burp Suite Certified Practitioner (BSCP)
• HTB Certified Penetration Testing Specialist (HTB CPTS)

Preferred Qualifications

• Excellent communication skills to present findings and recommendations to technical and non-technical stakeholders.
• Ability to work independently and collaboratively in a fast-paced, client-facing environment.
• Experience in consulting or professional services, particularly in offensive security.

We prioritize candidates that demonstrate a strong passion for cybersecurity and have hands-on experience showcasing their skills in a local lab environment, such as through capture-the-flag (CTF) competitions, personal lab projects, or open-source contributions.

Providing you with the support you need to be at your best

Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

Adjustments and accommodations throughout the recruitment process

At KPMG, we are committed to fostering an inclusive recruitment process where all candidates can be themselves and excel. We aim to provide a positive experience and are prepared to offer adjustments or accommodations to help you perform at your best. Adjustments (informal requests), such as extra preparation time or the option for micro breaks during interviews, and accommodations (formal requests), such as accessible communication supports or technology aids, are tailored to individual needs and role requirements. You will have an opportunity to request an adjustment or accommodation at any point throughout the recruitment process. If you require support, please contact KPMG’s Employee Relations Service team by calling 1-888-466-4778.

AI Usage

We embrace the use of artificial intelligence (AI) to enhance the candidate experience and streamline our recruitment processes. AI tools may help with organizing applications or surfacing relevant qualifications. However, no hiring decisions are made using AI. Every hiring decision is made by our hiring managers and recruitment professionals, who are equipped with training that empowers them to use these tools responsibly. AI technologies used in our recruitment process undergo detailed risk assessments, including security and privacy requirements, that align with KPMG’s Trusted AI framework.

We believe technology should empower human judgment, not replace it. It’s one of the many ways we’re delivering on our vision of being a technology-first, people-driven firm.