Lead AI Security Penetration Tester

Chicago | 6 days ago | Full-time | External
Negotiable
KPMG's Advisory practice is expanding rapidly, reflecting significant client demand. As we navigate this dynamic environment, we seek adaptable and collaborative professionals to join our team. At KPMG, we prioritize our people, offering extensive learning and career development opportunities, a world-class training facility, and leading market tools to ensure personal and professional growth. If you're interested in a firm that values team connection and provides the flexibility to explore new inspirations while enhancing your skills, consider a career in our Advisory practice.

KPMG is currently seeking a Lead AI Security Penetration Tester to join our Managed Services practice.

Responsibilities:
• Conduct AI-oriented penetration testing engagements, including hands-on testing of AI/ML systems, objective-focused evaluations of AI features, and assessments of both traditional and AI-specific attack surfaces.
• Perform threat modeling for AI-driven applications, assess AI-related business logic, and conduct architecture reviews with a focus on adversarial machine learning vulnerabilities, prompt injection vulnerabilities, and other security risks unique to AI.
• Enhance and innovate AI-powered tools and methodologies for offensive security tasks, including discovery, exploitation, fuzzing, and adversarial machine learning testing, with a focus on web applications, APIs, and mobile platforms.
• Present AI penetration testing results to both technical and non-technical stakeholders through live demonstrations, and work jointly with engineering, development, and security teams to facilitate remediation efforts and advise on secure AI model development practices.
• Stay abreast of emerging AI attack techniques, assess their potential implications, identify security weaknesses, and provide actionable strategies to fortify AI defenses.
• Collaborate with internal Red Teams, Security Operations Center analysts, and AI security researchers to enhance AI red teaming strategies by integrating new adversarial machine learning techniques and established exploitation methods.
• Operate with integrity, professionalism, and accountability, contributing to a respectful and courteous workplace at KPMG.

Qualifications:
• A minimum of three years of recent penetration testing experience focusing on APIs, web applications, and mobile applications, with preferred experience in AI model security testing.
• A bachelor's degree from an accredited institution is required.
• Demonstrated expertise in AI red teaming and adversarial attack techniques, including prompt engineering attacks, large language model vulnerability assessments, and evasion methods.
• Proficiency with penetration testing tools (such as Burp Suite Pro, Netsparker, Checkmarx) and AI security frameworks (such as TensorFlow, PyTorch, LLM APIs, LangChain).
• Exceptional communication and presentation skills to convey AI-related vulnerabilities to both technical and non-technical stakeholders and promote effective remediation.
• Possession of one or more major ethical hacking certifications (like GWAPT, CREST, OSWE, OSWA) and certifications or training in AI security methodologies.
• Willingness to travel as necessary.
• Applicants must be authorized to work in the U.S. without the need for employment-based visa sponsorship now or in the future.

KPMG LLP and its affiliates are committed to compliance with all regulations regarding salary transparency. California Salary Range: $84,500 - $179,300.

KPMG offers a comprehensive compensation and benefits package and is an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, citizenship status, disability, protected veteran status, or any other category protected by law.

KPMG recruits on a rolling basis. Candidates should apply promptly for this and other opportunities of interest.