Senior Specialist, MAST Application Penetration Tester
Job Description
At KPMG's Managed Services practice, the Senior Specialist, MAST Application Penetration Tester leads hands-on security testing across APIs, web, mobile, and thick-client applications. This role blends practical testing with threat modeling and architecture reviews, and it includes delivering live demonstrations while working largely autonomously on engagements. The position is onsite in New York, NY, with a salary range of USD 95,855 to 208,265 per year.
Responsibilities
- Perform manual penetration testing of APIs (REST/SOAP), web applications, mobile apps, and thick-client applications
- Carry out testing engagements guided by defined objectives
- Conduct threat modeling, assess business logic, and perform application architecture reviews
- Demonstrate testing experience in real time through demos to internal and external audiences
- Operate independently on penetration testing engagements with minimal oversight
- Uphold integrity, professionalism, and a respectful work environment within KPMG
Requirements
- Minimum three years of recent hands-on experience in application penetration testing of APIs, web applications, or mobile applications
- Bachelor's degree from an accredited institution or equivalent industry experience
- Ability to communicate reporting results to both technical and non-technical audiences and lead remediation conversations
- Experience with Burp Suite Pro and other testing tools such as Netsparker and Checkmarx
- Major ethical hacking certifications are preferred but not required; GWAPT, CREST, OSWE, or OSWA are examples
- Willingness to travel as needed
- Authorized to work in the U.S. without visa sponsorship now or in the future; no sponsorship is offered
Technologies
- Burp Suite Pro
- Netsparker
- Checkmarx
Benefits
- Medical and dental plans
- Vision coverage
- Disability and life insurance
- 401(k) plans
- Personal well-being benefits
- Personal Time Off
- Holidays