Work in Illinois Jobs

Illinois Job Link Logo

Job Information

KPMG Static Code Review and Software Composition Analysis Lead in Chicago, Illinois

Business Title: Static Code Review and Software Composition Analysis Lead

Requisition Number: 58708 - 31

Function: Business Support Services

Area of Interest:

State: IL

City: Chicago

Description:

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team.

KPMG is currently seeking a Static Code Review and Software Composition Analysis Lead to join our Digital Nexus organization.

Responsibilities:

  • Perform secure software code reviews, software composition analysis of apps (Web/Mobile/APIs), these assessments make use of automated and manual scanning tools such as Fortify, Checkmarx, Whitesource, experience in using any of these or similar tools

  • Execution of static application security testing, analysis of libraries, secure containers, Infrastructure as code, orchestration, vulnerability management process and tools

  • Utilize knowledge and understanding of application architecture, design, development and secure coding principles and emerging standards to identify findings and clearly communicate risks and possible remediation

  • Continuously improve the security aspects of operating processes, research and keep up to date with application security threats, techniques, tools, trends and threat mitigation strategies; responsible for understanding security policies and industry best practices

  • Provide guidance to developers, recommended controls and countermeasures, present to technical and non-technical audience about security vulnerabilities and interface with stakeholders

  • Establish and report on metrics to gauge software security effectiveness, progress and key risk areas identified through audits, maintain awareness of the current security threat landscape

Qualifications:

  • Minimum of five years of recent experience in the field of Cyber Security and software development with a strong knowledge of software code reviews

  • Bachelor's degree from an accredited college or university is preferred; certifications in GWEB/GWAPT/CISSP/OSCP preferred

  • Understanding of security principles, IT security controls and related technologies and products; knowledge of OWASP, SANS or other security-related frameworks and penetration testing methodologies

  • Prior experience in Programming & Scripting such as .Net, Groovy, Python and PowerShell is preferred; current knowledge of application security best practices, common exploits and threat landscape

  • Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority; must be able to prioritize, delegate and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork

  • Solid trouble-shooting and organizational skills and ability to work on multiple projects simultaneously; ability to participate in resource planning processes based on defined organizational plans

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

GL: 4

GF: 15310

DirectEmployers