Penetration Testing Manager

The world of global advisory, audit and tax compliance services for large multi-nationals is rapidly changing and heavily dependent on technology.    

The KPMG Delivery Network (KDN) is a KPMG special purpose member firm offering a way for clients to leverage KPMG top talent and technology platforms through regional teams of specialists, enabling economies of scale and a new way of working that expands beyond local capability

Together with KDN, KPMG member firms can drive the sales and delivery of global solutions at a competitive price and in a repeatable and consistent manner. As a member of KDN, you’ll be a part of the KPMG family working alongside some of our profession’s most skilled practitioners on rewarding programs and initiatives that are changing the way business operates, delivering value to our clients, and driving positive change in the communities we serve.

You’ll be enabling KDN accelerate new ways of working, using cutting-edge technology and working together with our member firms located in nearly 150 countries to help us achieve our ambition to be the most trusted and trustworthy professional services firm. 

And through your work, you’ll build a global network and unlock opportunities that you may not have thought possible with access to great support, vast resources, and an inclusive, supportive environment to help you reach your full potential.

Our KDN Bulgaria Cloud Services Unit is focused on designing, building, securing and managing cloud native & hybrid platforms for the KPMG group of member firms, as well as providing cloud advisory and engineering services to external clients.

//

• →Preparation, scoping and execution of penetration tests with customers 
• →Coordination of results and writing of final reports
• →support in the coordination of larger framework contracts 
• →
  

• →

  Web/API: Manual exploitation beyond scanners; SSRF (incl. IMDS), IDOR/BOLA, OAuth/OIDC/JWT issues, deserialization, template injection, GraphQL authZ, file upload/RCE.

• →

  Internal/AD: Kerberoasting & AS‑REP roast, constrained/unconstrained delegation, RBCD, ADCS abuses (e.g., ESC1/ESC8), NTLM relay/LLMNR, lateral movement and path analysis .

• →

  Infrastructure & Enterprise Assessments (ISSAF‑aligned): Ability to plan and execute structured assessments of enterprise environments using ISSAF covering network/perimeter testing, segmentation control validation, host/service hardening review (Windows/Linux), identity/directory platforms at a capability level (e.g., AD/Azure AD/LDAP), remote access, wireless posture, and network device configuration review (firewalls/routers/switches).

• →

  Cloud (AWS/Azure): IAM privilege escalation, role assumption via SSRF, misconfig exploitation (S3/Blob, policies), Managed Identity abuse, basic Kubernetes/RBAC misconfigs.

• →

  General support with technical cyber security topics

• →

  Support in the further development of the offensive security area (solutions, training, concepts)
  
  

• OSCP, CPTS or comparable qualification
• Engagement leadership: Proven ability to scope ROE, plan tests, lead execution, ensure QA, and deliver readouts
• Tooling & scripting: Burp Suite Pro; Nmap; Impacket/Responder; BloodHound/SharpHound; CrackMapExec; Kerbrute; Python/PowerShell/Bash for PoCs and one‑offs; Git for versioning.
• Reporting & communication: Evidence‑driven, reproducible findings with clear business impact and remediation; confident executive & engineering readouts.
• Governance: Strong data handling, logging, and chain‑of‑custody discipline; operates strictly within ROE and client compliance environments (e.g., ISO 27001, PCI DSS, etc…).
• Fluent English, basic German