Manager, Software Security Analyst

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today’s most important industries. Our growth is driven by delivering real results for our clients. It’s also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it’s no wonder we’re consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you’re as passionate about your future as we are, join our team.

KPMG is currently seeking a Manager, Software Security Analyst to join our Global Technology team which is part of the KPMG International organization.

Responsibilities:

• Lead a team of subject matter experts for secure coding, exercising proficiency in multiple programming languages and developer frameworks (e.g. C#, ASP.NET, MVC, jQuery, TypeScript, Angular, and Bootstrap) as well as learn on the fly and train others to improve the team’s technical expertise
• Apply in-depth experience and knowledge of foundational security concepts, software threats, threat modeling, vulnerability exploitation and common application vulnerabilities (including, but not limited to SQL Injection, Cross-Site Scripting and Session Management) to help development teams protect KPMG’s IT systems from attack
• Leverage familiarity with common application architectures (Micro Services, MVC, SOA+SPA, etc.) to detect vulnerabilities and suggest improvements
• Design and implement automated tools for static and dynamic analysis of software to find defects and vulnerabilities
• Manually review source code in multiple programming languages, offering suggestions for remediation or mitigation

Qualifications:

• Minimum five years of recent experience relevant application development and IT security experience
• Bachelor’s Degree from an accredited college or university or equivalent work experience
• Professional certifications in information technology security; Certified Information System Security Professional (CISSP) preferred
• Experience supporting software application and system code security assessments using automated tools such as Fortify On-Demand
• Ability to conduct/ hands-on review of software applications and systems from a security and privacy perspective; review and contribute to KPMG IT Standards used in the solution security review process and provide security recommendations and better practices regarding secure software development in waterfall, agile and DevOps method
• Experience with computer forensics practices and procedures, basic investigations and evidence handling is preferred

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.