Penetration Tester

TekVivid

  • Orlando, FL
  • Permanent
  • Full-time
  • 25 days ago
Title: Penetration Tester
Location: Orlando, FL - REMOTE
Length: 6-9 months
Start: ASAP
Interview: Video
Ability to travel as necessary (up to 25%).

Responsibilities:
  • Perform red and purple team assessments, assumed breach assessments, threat analysis, and social engineering assessments.
  • Communicate findings, associated risks, business impacts, and strategies to client stakeholders, including technical staff, executive leadership, and legal counsel.
  • Research threats, vulnerabilities, and exploit techniques that attackers may use to exploit people, processes, and technology.
  • Develop and prototype novel capabilities and techniques to enhance KPMG US Cyber's red teaming capabilities and to avoid defensive countermeasures.
  • Debug exploits and extend red team operations infrastructure automation.
  • Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
  • Understand clients' business environment and basic risk management approaches.
  • Guide technical audiences on remediation options and assist them in weighing those options.
  • Take ownership for delivering high-quality technical and executive reports.
  • Partner with the other KPMG Cyber teams to support the practice and mentor junior and offshore team members on tradecraft and red team operations.
Qualifications:
  • Minimum three (3) years of recent experience working with application and/or network penetration tools to perform security tests. Experience with breaching external networks and conducting post-exploitation across applications, internal infrastructure, and cloud environments.
  • Understanding of real-world adversary operations TTPs. Experience applying frameworks (e.g., MITRE ATT&CK™) in red and purple team engagements.
  • Minimum two (2) years of recent experience conducting red and purple team exercises.
  • Expertise in at least one common C2 framework (e.g., Cobalt Strike, Mythic, Empire).
  • Experience evading antivirus, egress filtering, application allow-listing, and other security controls.
  • Experience with several programming languages (examples include Bash, Python, C/C#/C++, Go, and Rust).
  • Experience with quickly configuring and deploying resilient and flexible infrastructure. Ideally proven ability to automate red team operations infrastructure.
  • Desirable certifications: OSCP, OSEP, OSCE3, GRTP, GXPN, CRTO I/II, Sektor7.
  • Ability to travel as necessary (up to 25%).
Preferred Qualifications:
  • Security community participation (e.g., conference speaker, tool development contributor).
  • Track record in vulnerability research and CVE assignments.
  • Experience with PE file format and low-level Windows APIs and internals.
  • Experience with reverse engineering and Windows debugging (e.g., via IDA, Ghidra, WinDBG, etc.).
  • Knowledge of EDR detection capabilities (e.g., Carbon Black, CrowdStrike) and associated evasion techniques for behavior-based alerts.