KPMG Static Code Review and Software Composition Analysis Lead in Chicago, Illinois
Business Title: Static Code Review and Software Composition Analysis Lead
Requisition Number: 58708 - 31
Function: Business Support Services
Area of Interest:
Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.
KPMG is currently seeking a Static Code Review and Software Composition Analysis Lead to join our Digital Nexus organization.
Perform secure software code reviews and software composition analysis of applications (web, mobile and APIs); these assessments use automated and manual scanning tools such as Fortify, Checkmarx and WhiteSource, so experience with any of these or similar tools is expected
Execute static application security testing and analysis of third-party libraries; cover secure containers, infrastructure as code and orchestration; and support the vulnerability management process and its tools
Apply knowledge of application architecture, design, development, secure coding principles and emerging standards to identify findings and clearly communicate risks and possible remediation
Continuously improve the security aspects of operating processes; research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies; understand security policies and industry best practices
Provide guidance to developers, recommend controls and countermeasures, present security vulnerabilities to technical and non-technical audiences, and interface with stakeholders
Establish and report on metrics that gauge software security effectiveness, progress and the key risk areas identified through audits; maintain awareness of the current security threat landscape
Minimum of five years of recent experience in cyber security and software development, with strong knowledge of software code reviews
Bachelor's degree from an accredited college or university is preferred; certifications such as GWEB, GWAPT, CISSP or OSCP are preferred
Understanding of security principles, IT security controls and related technologies and products; knowledge of OWASP, SANS or other security-related frameworks and penetration testing methodologies
Prior experience in programming and scripting, such as .NET, Groovy, Python and PowerShell, is preferred; current knowledge of application security best practices, common exploits and the threat landscape
Strong verbal and written communication skills, with the ability to interact effectively with individuals at all levels of responsibility and authority; must be able to prioritize, delegate and foster the development of high-performance teams in an environment driven by customer service and teamwork
Solid troubleshooting and organizational skills, with the ability to work on multiple projects simultaneously and to participate in resource planning processes based on defined organizational plans
KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.