kdn-bulgaria

Senior Penetration Tester

Sofia, Bulgaria (Hybrid) | Senior
Engineering | Security Engineer


Technical Tools
aws, azure, graphql, kubernetes, python, ci-cd, linux, oauth

The world of global advisory, audit and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.    

The KPMG Delivery Network (KDN) is a KPMG special purpose member firm offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability.

Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you’ll be a part of the KPMG family working alongside some of our profession’s most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients, and driving positive change in the communities we serve.

You’ll be enabling KDN to accelerate new ways of working, using cutting-edge technology and working together with our member firms located in nearly 150 countries to help us achieve our ambition to be the most trusted and trustworthy professional services firm.

And through your work, you’ll build a global network and unlock opportunities that you may not have thought possible with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.

Our KDN Bulgaria Cloud Services Unit is focused on designing, building, securing and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.

Responsibilities

  • Web/API: SSRF, IDOR/BOLA, authN/authZ flaws (including OAuth/OIDC), deserialization, XXE, command/template injection, GraphQL testing; comfort with Burp Pro extensions and custom payloads.
  • Infrastructure & Enterprise Assessments (ISSAF‑aligned): Hands‑on delivery of ISSAF (or equivalent)‑guided assessments across enterprise networks: disciplined recon/enumeration, service/host security baseline checks, validation (not just scanner output) of exploitable misconfigs, pragmatic segmentation testing, light identity/directory assessment (AD/Azure AD/LDAP) as part of end‑to‑end paths, remote access & wireless checks, and firewall/router/switch configuration review; producing reproducible notes and actionable fixes.
  • Internal/AD: Kerberoasting/AS‑REP roast, delegation/RBCD, ADCS misconfig pathways, NTLM relay/LLMNR, BloodHound‑driven pathing, basic detection‑safe tradecraft within scope.
  • Cloud (AWS/Azure): IAM enumeration and privesc, metadata/IMDS misuse, storage/network misconfigs; basic container/K8s attack surface familiarity.
  • Certifications: OSCP strongly preferred (or equivalent demonstrable skill via portfolio/bug bounty/CTF write‑ups); OSWE a plus for web‑heavy projects.
  • Tooling & scripting: Daily driver experience with Burp Pro, Nmap, Impacket, BloodHound; practical Python/PowerShell/Bash for PoCs; comfort on Linux; Git‑based workflow.
  • Method & quality: Follows PTES/OWASP WSTG; keeps detailed, reproducible notes; passes internal peer review/QA; supports remediation re‑tests.
  • Reporting: Clear, prioritized write‑ups (evidence -> impact -> actionable fix) suitable for engineers; contributes to shared runbooks and templates.
  • Nice to have: Exposure to mobile or thick‑client testing, API fuzzing, code‑assisted review, CI/CD‑adjacent testing, or light automation contributions.
  • Fluent English language skills are a must.

What We Offer

  • The chance to work in a top talent team
  • Attractive remuneration
  • Build knowledge in cutting-edge technologies
  • Opportunity for continuous training, learning and certification
  • Experience in an international and multicultural organization
  • Work on challenging projects with clients in various industries around the globe
  • Modern office environment
  • Additional health insurance
  • Life insurance
  • 50+ benefits and services to choose from
  • Hybrid working policy

Location & Eligibility

Where is the job: Location terms not specified
Who can apply: Same as job location

Listing Details

Posted: April 29, 2026
First seen: May 6, 2026
Last seen: May 9, 2026

Posting Health

Days active: 0
Repost count: 0
Trust Level: 29%
Scored at: May 6, 2026
