Offensive Security Senior Consultant

Toronto, ON
Full Time
6 days ago

You've got big plans. We have opportunities to match, and we're committed to empowering you to become a better you, no matter what you do.

When you join KPMG you'll be one of over 227,000 professionals providing audit, tax, advisory and business enablement services across 146 countries.

With the support to do things differently, grow personally and professionally and bring your whole self to work, there's no limit to the impact you can make. Let's do this.

The opportunity:

We are looking for a talented individual at the Senior Consultant level to join KPMG's Cyber practice. The successful individual will be driven and results-oriented, with a strong focus on Offensive Security. This individual would be supporting the Penetration Testing, Vulnerability Assessment and Red Teaming service line by executing client engagements, as well as conducting research and development of tools and techniques, among others.

KPMG's Cyber team has received tremendous investment and has been identified as a transformational part of the firm to deliver growth over the next five years. This is an excellent opportunity for those that are looking to stay ahead of the curve and work in a firm with unparalleled career progression opportunities.

At KPMG we are a virtual first work environment; however, this role is required to be located in Toronto, ON. The team looks forward to representing KPMG and growing our practice locally through industry events and client meetings when safe to do so.

What you will do

The successful candidate must be able to demonstrate that he/she:
  • Takes personal responsibility and accountability for own work
  • Sustains a high level of drive, shows enthusiasm and a positive attitude when coping with pressure at work
  • Works in a cooperative, respectful manner with colleagues, clients and the wider community
  • Communicates with impact, in a way that is open, honest, consistent and clear
  • Monitors and upholds high quality of service deliverables to clients (internal and external)
  • Is capable of conveying technical topics in business-level discussions
  • Is a team player, who understands matrix organizations
  • Conducts vulnerability assessments and penetration testing engagements for networks, web and mobile applications
  • Participates in the modeling and execution of Red Teaming scenarios for organizations across Canada and internationally
  • Prepares reports tailored for business management, providing an overview of relevant risks and remediation opportunities
  • Discusses with senior management the gaps and observations identified throughout assessments, translating technical observations to business narratives
  • Develops scripts and tools enhancing the security practice at KPMG, and authors relevant documentation
  • Aids in the research and development of white papers for matters related to Offensive Security

What you bring to the role

The successful individual will possess and be able to demonstrate the following skills and behaviors:
    • Experience with web application security testing (e.g. utilizing Burp Suite)
    • Experience with scripting tools on Windows and Linux (e.g. PowerShell, Python, Bash, etc.)
    • Expert knowledge of Kali Linux
    • Understanding of Common Vulnerability Scoring System (CVSS)
    • Understanding of attacker techniques aligned to MITRE's Tactics, Techniques and Procedures (TTPs)
    • Experience with vulnerability scanning solutions (e.g. Nessus, Qualys, etc.)
    • Ability to conduct social engineering engagements (e.g. through phone, e-mail, etc.)
    • Mobile platform and application testing knowledge (e.g. iOS, Android)
    • Understanding of security architectures and knowledge of security technical standards (NIST, ISO, etc.)
    • Experience using virtualization solutions (e.g. VMware, Hyper-V)
    • Good analytical, problem solving and organizational skills
    • Bachelor's degree in an appropriate field from an accredited college/university
    • Ability to coach, lead, and train junior staff

Keys to your success
    • Understanding of networking concepts (TCP/IP)
    • Deep experience with Windows / Linux operating systems
    • Experience in Red Teaming exercises simulating stealthy attack patterns
    • Great communication skills; written and oral
    • Knowledge of MITRE's ATT&CK framework
    • Knowledge of OWASP Top Ten Web Application Security Risks
    • Active participant on Hack the Box, TryHackMe, and other similar platforms
    • One or more of the following certifications (or equivalent) would be an advantage:
      • GIAC Penetration Tester (GPEN)
      • GIAC Web Application Penetration Tester (GWAPT)
      • Offensive Security Certified Professional (OSCP)
      • Offensive Security Certified Expert (OSCE)
      • CREST Registered Penetration Tester
      • CREST Certified Infrastructure Tester

Learn more about where a career at KPMG can take you.

Our Values, The KPMG Way

Integrity, we do what is right | Excellence, we never stop learning and improving | Courage, we think and act boldly | Together, we respect each other and draw strength from our differences | For Better, we do what matters

KPMG is committed to the health and safety of our people, clients and communities. With this commitment in mind, KPMG complies with all public health mandates (provincially and/or federally, as applicable) and has implemented various safety measures, including a COVID-19 Vaccination Policy. KPMG's COVID-19 Vaccination Policy requires all employees to be fully vaccinated if they wish to or are required to attend a KPMG office and/or other congregate settings in the course of their duties (such as client sites or third-party venues).

As this role requires occasional or consistent attendance at a KPMG office and/or congregate setting, the successful candidate must be fully vaccinated (i.e. have received all doses that are recommended by Health Canada, including any boosters) and must provide KPMG with proof of vaccination. KPMG will provide reasonable accommodation if the successful candidate cannot be vaccinated due to grounds protected by human rights legislation in their province of employment.

KPMG in Canada is a proud equal opportunities employer and we are committed to creating a respectful, inclusive and barrier-free workplace that allows all of our people to reach their full potential. A diverse workforce is key to our success and we believe in bringing your whole self to work. We welcome all qualified candidates to apply and hope you will choose KPMG in Canada as your employer of choice.

For general recruitment-related inquiries, please contact the HR Delivery Centre at .

If you have a question about accessible employment at KPMG, or to begin a confidential conversation about your individual accessibility or accommodation needs through the recruitment process, we encourage you to contact us at or phone: 416-777-8002 or toll free 1-888-466-4778.