Title: Penetration Tester
Location: Orlando, FL - REMOTE
Length: 6-9 months
Start: ASAP
Interview: Video
Ability to travel as necessary (up to 25%).
Responsibilities:
- Perform red and purple team assessments, assumed breach assessments, threat analysis, and social engineering assessments.
- Communicate findings, associated risks, business impacts, and strategies to client stakeholders, including technical staff, executive leadership, and legal counsel.
- Research threats, vulnerabilities, and exploit techniques that attackers may use to exploit people, processes, and technology.
- Develop and prototype novel capabilities and techniques to enhance KPMG US Cyber's red teaming capabilities and to evade defensive countermeasures.
- Debug exploits and extend red team operations infrastructure automation.
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
- Understand clients' business environment and basic risk management approaches.
- Guide technical audiences on remediation options and assist them in weighing those options.
- Take ownership for delivering high-quality technical and executive reports.
- Partner with the other KPMG Cyber teams to support the practice and mentor junior and offshore team members on tradecraft and red team operations.
Qualifications:
- Minimum three (3) years of recent experience working with application and/or network penetration tools to perform security tests. Experience with breaching external networks and conducting post-exploitation across applications, internal infrastructure, and cloud environments.
- Understanding of real-world adversary operations TTPs. Experience applying frameworks (e.g., MITRE ATT&CK™) in red and purple team engagements.
- Minimum two (2) years of recent experience conducting red and purple team exercises.
- Expertise in at least one common C2 framework (e.g., Cobalt Strike, Mythic, Empire).
- Experience evading antivirus, egress filtering, application allow-listing, and other security controls.
- Experience with several programming languages (examples include Bash, Python, C/C#/C++, Go, and Rust).
- Experience with quickly configuring and deploying resilient and flexible infrastructure. Ideally proven ability to automate red team operations infrastructure.
- Desirable certifications: OSCP, OSEP, OSCE3, GRTP, GXPN, CRTO I/II, Sektor7.
Preferred Qualifications:
- Security community participation (e.g., conference speaker, tool development contributor).
- Track record in vulnerability research and CVE assignments.
- Experience with PE file format and low-level Windows APIs and internals.
- Experience with reverse engineering and Windows debugging (e.g., via IDA, Ghidra, WinDbg, etc.).
- Knowledge of the detection capabilities of EDR products such as Carbon Black, CrowdStrike, etc., and of the associated evasion techniques for behavior-based alerts.